DATE:  


Two critical vulnerabilities have been reported:

...

IMPORTANT

CVE-2021-4034 (polkit) affects all operating systems, and the update, or mitigation, must be applied within 1 week. Note that the polkit update may cause problems on containerized applications. It is recommended that you stop the running containers before applying the update. Please carefully read and apply the steps detailed below.

CVE-2022-0185 (kernel) affects CentOS Stream 8, and higher versions, and Ubuntu 20.04, and it is particularly dangerous on multi-user instances, on which the update must be applied within 1 week. Ubuntu 18.04 is not affected.



Instructions for Ubuntu 20.04

...

If the version returned by this command is less than 0.115112-1326.el8el7_59.1.x86_64, a package update is required. 

...

$ docker ps # get the list of running containers
$ docker stop <running_containers> # or use "docker-compose down"
$ sudo yum clean all && sudo yum -y update polkit # "&&" runs the update only after the cache clean succeeds; both steps need root
$ sudo reboot

If containers are NOT running on your system, just update the policykit package:

$ sudo yum clean all && sudo yum -y update polkit
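
An added example, not part of the original advisory: a shell helper for the "is the installed version less than the fixed one" check in the instructions above. It compares version-release strings in version order, because a plain string comparison ranks release 9 above release 13. The `rpm` query format, the function names and the sample versions in the comments are assumptions; the fixed version is passed in as an argument and must be taken from the advisory.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether the installed polkit
# build is older than the fixed build named in the advisory.

# version_lt A B: succeeds (exit 0) only when A sorts strictly before B.
# Uses sort -V (version sort), which approximates RPM's ordering for ordinary
# version-release strings such as the constructed pair 0.100-9.el0 / 0.100-13.el0_1.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# polkit_status INSTALLED FIXED: prints UPDATE_REQUIRED or OK.
polkit_status() {
    if version_lt "$1" "$2"; then
        echo "UPDATE_REQUIRED"
    else
        echo "OK"
    fi
}

# installed_polkit: prints VERSION-RELEASE of the installed polkit package.
# Assumption: an RPM-based host; the advisory's own query command is not shown here.
installed_polkit() {
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' polkit 2>/dev/null
}

# Host check, run only when the fixed version is given as the first argument:
#   sh check_polkit.sh <fixed-version-release>
if [ -n "${1:-}" ]; then
    installed=$(installed_polkit) || {
        echo "polkit is not installed via rpm on this host" >&2
        exit 2
    }
    echo "polkit $installed: $(polkit_status "$installed" "$1")"
fi
```

Without an argument the script only defines the functions, so it can be sourced into a fleet-wide check.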



References

CVE-2022-0185

[R1] https://access.redhat.com/security/cve/CVE-2022-0185 

...

[R3] https://www.openwall.com/lists/oss-security/2022/01/18/7 

CVE-2021-4034

[R4] https://access.redhat.com/security/cve/CVE-2021-4034 

...