Extra/polkit-qt5 0.113.0-2 vulnerable?

Hi there

When I type:

pacman -Ss "polkit"

i get:

extra/polkit-qt5 0.113.0-2

Is this version vulnerable to privledge escalation attacks or am I wrong?
If I am correct should it not be updated in the endeavour repos?

typing

pacman -Syu

it tells me the system is up to date.

link for info:

https://www.bleepingcomputer.com/news/security/linux-system-service-bug-lets-you-get-root-on-most-modern-distros/

As far as I understand it the package impacted is polkit and it was fixed in 0.119-1

It seems odd that you don’t have polkit installed. What does pacman -Qi polkit return?

More info here:
https://security.archlinux.org/CVE-2021-3560

Typing

`

pacman -Qi polkit
`

yields this:

Navn                   : polkit
Version                : 0.119-1

So I stand corrected. Thanks for your time, dalto.

1 Like
$ pacman -Qs polkit
local/polkit 0.119-1
    Application development toolkit for controlling system-wide privileges
local/polkit-kde-agent 5.22.0-1 (plasma)
    Daemon providing a polkit authentication UI for KDE
local/polkit-qt5 0.113.0-2
    A library that allows developers to access PolicyKit API with a nice Qt-style API

Both are installed, as polkit-qt5 requires polkit, and is itself required by kauth and kpmcore.