An update for polkit is now available for openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1230 Final 1.0 1.0 2021-06-22 Initial 2021-06-22 2021-06-22 openEuler SA Tool V1.0 2021-06-22 polkit security update An update for polkit is now available for openEuler-20.03-LTS-SP1. polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. Security Fix(es): A flaw was found in polkit. When a requesting process disconnects from dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileges of the requesting process. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-3560) An update for polkit is now available for openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High polkit https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1230 https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-3560 https://nvd.nist.gov/vuln/detail/CVE-2021-3560 openEuler-20.03-LTS-SP1 polkit-debuginfo-0.116-7.oe1.aarch64.rpm polkit-devel-0.116-7.oe1.aarch64.rpm polkit-debugsource-0.116-7.oe1.aarch64.rpm polkit-0.116-7.oe1.aarch64.rpm polkit-libs-0.116-7.oe1.aarch64.rpm polkit-help-0.116-7.oe1.noarch.rpm polkit-0.116-7.oe1.src.rpm polkit-devel-0.116-7.oe1.x86_64.rpm polkit-libs-0.116-7.oe1.x86_64.rpm polkit-0.116-7.oe1.x86_64.rpm polkit-debugsource-0.116-7.oe1.x86_64.rpm polkit-debuginfo-0.116-7.oe1.x86_64.rpm A flaw was found in polkit. When a requesting process disconnects from dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileges of the requesting process. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-06-22 CVE-2021-3560 openEuler-20.03-LTS-SP1 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H polkit security update 2021-06-22 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1230