ASA-202106-24 log generated external raw

[ASA-202106-24] polkit: privilege escalation
Arch Linux Security Advisory ASA-202106-24 ========================================== Severity: Medium Date : 2021-06-09 CVE-ID : CVE-2021-3560 Package : polkit Type : privilege escalation Remote : No Link : Summary ======= The package polkit before version 0.119-1 is vulnerable to privilege escalation. Resolution ========== Upgrade to 0.119-1. # pacman -Syu "polkit>=0.119-1" The problem has been fixed upstream in version 0.119. Workaround ========== None. Description =========== A security issue was found in polkit before version 0.119. When a requesting process disconnects from dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileges of the requesting process. Impact ====== A local attacker could escalate privileges by exploiting a race condition. References ==========