OESA-2021-1230
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1230
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2021-1230.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2021-1230
- Upstream
- Published
- 2021-06-22T11:02:58Z
- Modified
- 2025-08-12T05:09:00.287783Z
- Summary
- polkit security update
- Details
-
polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes.
Security Fix(es):
A flaw was found in polkit. When a requesting process disconnects from dbus-daemon just before the call to polkitsystembusnamegetcredssync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileges of the requesting process. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-3560)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:20.03-LTS-SP1 / polkit
Package
- Name
- polkit
- Purl
- pkg:rpm/openEuler/polkit&distro=openEuler-20.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.116-7.oe1
Ecosystem specific
{
"src": [
"polkit-0.116-7.oe1.src.rpm"
],
"x86_64": [
"polkit-devel-0.116-7.oe1.x86_64.rpm",
"polkit-libs-0.116-7.oe1.x86_64.rpm",
"polkit-0.116-7.oe1.x86_64.rpm",
"polkit-debugsource-0.116-7.oe1.x86_64.rpm",
"polkit-debuginfo-0.116-7.oe1.x86_64.rpm"
],
"aarch64": [
"polkit-debuginfo-0.116-7.oe1.aarch64.rpm",
"polkit-devel-0.116-7.oe1.aarch64.rpm",
"polkit-debugsource-0.116-7.oe1.aarch64.rpm",
"polkit-0.116-7.oe1.aarch64.rpm",
"polkit-libs-0.116-7.oe1.aarch64.rpm"
],
"noarch": [
"polkit-help-0.116-7.oe1.noarch.rpm"
]
}