#2708: Patch update on all systems
---------------------------+-----------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Unplanned
Component: Systems Admin | Keywords:
---------------------------+-----------------------
In particular for vulnerability
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2708>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
Comment (by robe):
updated backup, osgeo6, osgeo8, and osgeo9
osgeo3, osgeo4, osgeo7 were already up to date
Patch updated containers:
osgeo4
{{{
hop
osgeo4-nginx
old-web-staging #shut off
wiki-staging
wordpress-staing
wordpress-dev
secure-dev
tracsvn-dev
}}}
osgeo7
{{{
download #already updated
dronie-server
nextcloud
nginx #already up to date
secure #already up to date
tracsvn
}}}
osgeo3
{{{
limesurvey
matrix
nexus
osgeo3-nginx
pretalx
}}}
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2708#comment:1>
#2708: Patch update on all systems
---------------------------+------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: closed
Priority: normal | Milestone: Unplanned
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+------------------------
Changes (by robe):
* status: new => closed
* resolution: => fixed
Comment:
osgeo 3
{{{
grass-wiki
wiki
}}}
osgeo 7
{{{
collabora
grass #up to date
live
mapserver
pycsw
}}}
osgeo 9 containers
{{{
hop #already up to date
weblate
}}}
The older containers are harder to patch since the OS needs to be
upgraded. As far as polkit goes I think the only danger is from people who
are in shell group (have ssh into hop containers). Those are fairly
trusted people anyway.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2708#comment:2>
Comment (by robe):
I did check several of the old containers and they didn't seem to have
pkexec on them at all. old-web, old-projects, old-webextra
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2708#comment:3>