[Solved] Is this serious vulnerability patched for Mint?
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
-
- Level 20
- Posts: 12341
- Joined: Sun Aug 09, 2015 10:00 am
[Solved] Is this serious vulnerability patched for Mint?
There has been this serious vulnerability. The article says it was patched for Ubuntu. I expect it to be patches for Mint too. Just want to make sure. Is it patched in the kernel? If so which series or is it a non kernel patch?
https://news.google.com/articles/CAIiEO ... id=IN%3Aen
https://news.google.com/articles/CAIiEO ... id=IN%3Aen
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 2 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
If I have helped you solve a problem, please add [SOLVED] to your first post title, it helps other users looking for help.
Regards,
Deepak
Mint 21.1 Cinnamon 64 bit with AMD A6 / 8GB
Mint 21.1 Cinnamon AMD Ryzen3500U/8gb
Regards,
Deepak
Mint 21.1 Cinnamon 64 bit with AMD A6 / 8GB
Mint 21.1 Cinnamon AMD Ryzen3500U/8gb
Re: Is this serious vulnerability patched for Mint?
From Ubuntu (link from your article)
From my Mint Update Manager history..
Re: Is this serious vulnerability patched for Mint?
Hi, folks.
The answer is, "yes, Ubuntu provides the needed policykit patch", cf. this post please:
Karl
The answer is, "yes, Ubuntu provides the needed policykit patch", cf. this post please:
Cheers,karlchen wrote: ⤴Wed Jan 26, 2022 3:18 pmUsers of Linux Mint 19.x and 20.x should be safe from the reported policykit vulnerability thanks to Ubuntu's recent policykit bugfix. Cf. USN-5252-1: PolicyKit vulnerability. This statement will apply, provided you have accepted and installed the available policykit bugfix.
Karl
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 792 days now.
Lifeline
Re: Is this serious vulnerability patched for Mint?
the Register article failed to explicitly state that this vulnerability can't be exploited remotely. The headline "Bug grants root access to any user" in fact means that you need to have a malicious unprivileged user on your system. Not a chance.
Edit: Still consider a fair point made by karlchen below:
Edit: Still consider a fair point made by karlchen below:
to spend a thought or two on trying to imagine the malicious unprivileged local user on your system might actually not be a single entity, but two: the unprivileged local user (you) and a not so benevolent piece of software, exploiting the vulnerability.
Last edited by t42 on Thu Jan 27, 2022 10:01 am, edited 1 time in total.
-=t42=-
Re: Is this serious vulnerability patched for Mint?
The Ubuntu article, which I had linked to, is not based on any click-bait article anywhere.
I suggest
This is purely my personal point of view and my personal approach to newly detected vulnerabilities.
I suggest
- not to get into panic when reading click-bait articles about the latest software vulnerability on the one hand
- but also not to be impressed too much by those experts, who, based on missing pieces of information in the click-bait articles, immediately explain that the found vulnerability could not be exploited on your Linux Mint desktop machines, on the other hand.
- to spend a thought or two on trying to imagine the malicious unprivileged local user on your system might actually not be a single entity, but two:
the unprivileged local user (you) and a not so benevolent piece of software, exploiting the vulnerability.
Not all users get all their software exclusively from trustworthy sources. - to take into consideration that the Ubuntu developers do not create security alerts for fun and that the policykit maintainers did not fix the vulnerability for fun.
- to install the security updates offered by Update Manager in a timely fashion. - Better safe than sorry.
This is purely my personal point of view and my personal approach to newly detected vulnerabilities.
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 792 days now.
Lifeline
-
- Level 20
- Posts: 12341
- Joined: Sun Aug 09, 2015 10:00 am
Re: Is this serious vulnerability patched for Mint?
Thank you Karlchen for your inputs. I always install the updates without fail that too immediately.
Best way to check if the vulnerability is patches should be to see that the update mentioned in my link for Ubuntu 20.04 is installed on our systems. According to RIHs post that doesn't seem to be the case. I do not know as yet hoto find this information.
Best way to check if the vulnerability is patches should be to see that the update mentioned in my link for Ubuntu 20.04 is installed on our systems. According to RIHs post that doesn't seem to be the case. I do not know as yet hoto find this information.
If I have helped you solve a problem, please add [SOLVED] to your first post title, it helps other users looking for help.
Regards,
Deepak
Mint 21.1 Cinnamon 64 bit with AMD A6 / 8GB
Mint 21.1 Cinnamon AMD Ryzen3500U/8gb
Regards,
Deepak
Mint 21.1 Cinnamon 64 bit with AMD A6 / 8GB
Mint 21.1 Cinnamon AMD Ryzen3500U/8gb
- JoeFootball
- Level 13
- Posts: 4673
- Joined: Tue Nov 24, 2009 1:52 pm
- Location: /home/usa/mn/minneapolis/joe
Re: Is this serious vulnerability patched for Mint?
Update Manager > View > History of Updatesdeepakdeshp wrote: I do not know as yet hoto find this information.
https://packages.ubuntu.com/source/foca ... olicykit-1
- smurphos
- Level 18
- Posts: 8498
- Joined: Fri Sep 05, 2014 12:18 am
- Location: Irish Brit in Portugal
- Contact:
Re: Is this serious vulnerability patched for Mint?
Version installed
Changelog (hint the first entry is the report of this vulnerability being patched)
Code: Select all
apt policy policykit-1
Code: Select all
apt changelog policykit-1
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
- smurphos
- Level 18
- Posts: 8498
- Joined: Fri Sep 05, 2014 12:18 am
- Location: Irish Brit in Portugal
- Contact:
Re: Is this serious vulnerability patched for Mint?
Clearly don't have cats. Mine like to call up random terminal commands from my bash history by stomping all over the keyboard...
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
- Portreve
- Level 13
- Posts: 4870
- Joined: Mon Apr 18, 2011 12:03 am
- Location: Within 20,004 km of YOU!
- Contact:
Re: Is this serious vulnerability patched for Mint?
Given that most people who use a computer do not keep track of any of this stuff, particularly not anything Linux-related, on the whole I'm not overly worried about potential negatives stemming from these kinds of click-bait articles. That said, however...
I am concerned that a few random idiots and/or bad apples out there in seeing these articles will then amplify them locally to people they know, and/or potential customers or others, who might then falsely get the legitimate impression that Linux is some kind of unsafe and undesirable platform. I forget if it was on here or somewhere else where somebody had overheard a sales person at I think it might have been a Best Buy (but wherever it was...) tell a customer “This computer is too powerful for Linux.”
There's an old saying, and I know I've mentioned it here on LMF before but I think it bears repeating:
What's the difference between a computer sales person and a used car sales person? One of them knows they are lying to you.
Something which really gets me — and I know this might come off as picking on this thread's OP or hurtling insults, which is not my intention — is folk like this thread's OP see one of these articles and then run in here all concerned and worried their OS is at risk and there's this "big unknown danger", posting threads like this, without even bothering to check the Important Notices section first to see if someone in actual authority vis a vis LM has put up an urgent warning or, in fact, anything at all.
Believe me, if there were something of an imminent serious threat nature to Linux in general, the kernel in general, or Ubuntu's distributed kernel or the various versions of other system components they've chosen to use and distribute, or (hypothetically) something specific to Linux Mint, Clem or one of the other admins would be putting up a HUGE notice about it, probably having it show up in all sections of this board, and just as likely as not by the time it would be made public there'd already be a patch for it which then means Clem & Co. would have already pushed it out to the repos and likely flagged it so when you looked at updates you could see it was urgent.
I am concerned that a few random idiots and/or bad apples out there in seeing these articles will then amplify them locally to people they know, and/or potential customers or others, who might then falsely get the legitimate impression that Linux is some kind of unsafe and undesirable platform. I forget if it was on here or somewhere else where somebody had overheard a sales person at I think it might have been a Best Buy (but wherever it was...) tell a customer “This computer is too powerful for Linux.”
There's an old saying, and I know I've mentioned it here on LMF before but I think it bears repeating:
What's the difference between a computer sales person and a used car sales person? One of them knows they are lying to you.
Something which really gets me — and I know this might come off as picking on this thread's OP or hurtling insults, which is not my intention — is folk like this thread's OP see one of these articles and then run in here all concerned and worried their OS is at risk and there's this "big unknown danger", posting threads like this, without even bothering to check the Important Notices section first to see if someone in actual authority vis a vis LM has put up an urgent warning or, in fact, anything at all.
Believe me, if there were something of an imminent serious threat nature to Linux in general, the kernel in general, or Ubuntu's distributed kernel or the various versions of other system components they've chosen to use and distribute, or (hypothetically) something specific to Linux Mint, Clem or one of the other admins would be putting up a HUGE notice about it, probably having it show up in all sections of this board, and just as likely as not by the time it would be made public there'd already be a patch for it which then means Clem & Co. would have already pushed it out to the repos and likely flagged it so when you looked at updates you could see it was urgent.
Flying this flag in support of freedom 🇺🇦
Recommended keyboard layout: English (intl., with AltGR dead keys)
Podcasts: Linux Unplugged, Destination Linux
Also check out Thor Hartmannsson's Linux Tips YouTube Channel
Recommended keyboard layout: English (intl., with AltGR dead keys)
Podcasts: Linux Unplugged, Destination Linux
Also check out Thor Hartmannsson's Linux Tips YouTube Channel
Re: Is this serious vulnerability patched for Mint?
That is not what my post says at all.deepakdeshp wrote: ⤴Thu Jan 27, 2022 1:25 pm Best way to check if the vulnerability is patches should be to see that the update mentioned in my link for Ubuntu 20.04 is installed on our systems. According to RIHs post that doesn't seem to be the case. I do not know as yet hoto find this information.
Rather it shows that my PC was secured by an update on 26th. January..
Re: Is this serious vulnerability patched for Mint?
Which one? I suspect it would be both of them know they are lying.
“If the government were coming for your TVs and cars, then you'd be upset. But, as it is, they're only coming for your sons.” - Daniel Berrigan
Re: [Solved] Is this serious vulnerability patched for Mint?
This was a fresh vulnerability--discovered well before being introduced in the wild.
Vulnerability does not mean an exploit.
The Linux-wide polkit update well preceeded the public announcement.
Mint users only need the latest update manager offerings.
Hey--vulnerabilities are discovered daily in every os.
I am impressed by the Mint teams response.
Thanks
Vulnerability does not mean an exploit.
The Linux-wide polkit update well preceeded the public announcement.
Mint users only need the latest update manager offerings.
Hey--vulnerabilities are discovered daily in every os.
I am impressed by the Mint teams response.
Thanks
Everything in life was difficult before it became easy.
-
- Level 20
- Posts: 12341
- Joined: Sun Aug 09, 2015 10:00 am
Re: [Solved] Is this serious vulnerability patched for Mint?
The patch would have come down from.Ubuntu I feel and not Mintall41 wrote: ⤴Sat Jan 29, 2022 1:51 am This was a fresh vulnerability--discovered well before being introduced in the wild.
Vulnerability does not mean an exploit.
The Linux-wide polkit update well preceeded the public announcement.
Mint users only need the latest update manager offerings.
Hey--vulnerabilities are discovered daily in every os.
I am impressed by the Mint teams response.
Thanks
If I have helped you solve a problem, please add [SOLVED] to your first post title, it helps other users looking for help.
Regards,
Deepak
Mint 21.1 Cinnamon 64 bit with AMD A6 / 8GB
Mint 21.1 Cinnamon AMD Ryzen3500U/8gb
Regards,
Deepak
Mint 21.1 Cinnamon 64 bit with AMD A6 / 8GB
Mint 21.1 Cinnamon AMD Ryzen3500U/8gb
Re: [Solved] Is this serious vulnerability patched for Mint?
Did Mint not point you there
Everything in life was difficult before it became easy.
- Portreve
- Level 13
- Posts: 4870
- Joined: Mon Apr 18, 2011 12:03 am
- Location: Within 20,004 km of YOU!
- Contact:
Re: Is this serious vulnerability patched for Mint?
The classical implication, which is the one I was referring to, was that the used car sales person knows they are lying. The computer sales person doesn't really know anything about technology and just says whatever it takes, or they just promote the current sales and marketing spiel.
Flying this flag in support of freedom 🇺🇦
Recommended keyboard layout: English (intl., with AltGR dead keys)
Podcasts: Linux Unplugged, Destination Linux
Also check out Thor Hartmannsson's Linux Tips YouTube Channel
Recommended keyboard layout: English (intl., with AltGR dead keys)
Podcasts: Linux Unplugged, Destination Linux
Also check out Thor Hartmannsson's Linux Tips YouTube Channel
- Portreve
- Level 13
- Posts: 4870
- Joined: Mon Apr 18, 2011 12:03 am
- Location: Within 20,004 km of YOU!
- Contact:
Re: [Solved] Is this serious vulnerability patched for Mint?
Exactly. Some vulnerabilities are so hyper-specific that few, if any, computers would be at real risk.
And as always, the biggest exploitable vulnerability an OS has is the one which sits behind the keyboard.
Flying this flag in support of freedom 🇺🇦
Recommended keyboard layout: English (intl., with AltGR dead keys)
Podcasts: Linux Unplugged, Destination Linux
Also check out Thor Hartmannsson's Linux Tips YouTube Channel
Recommended keyboard layout: English (intl., with AltGR dead keys)
Podcasts: Linux Unplugged, Destination Linux
Also check out Thor Hartmannsson's Linux Tips YouTube Channel