[FOLIO-3402] folioci/alpine-jre-openjdk11 not affected by polkit (CVE-2021-4034) Created: 26/Jan/22  Updated: 27/Jan/22  Resolved: 26/Jan/22

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Bug Priority: TBD
Reporter: Julian Ladisch Assignee: Unassigned
Resolution: Cannot Reproduce Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Relates
relates to FOLIO-3401 jenkins-slave not affected by polkit ... Closed
Sprint:
Development Team: FOLIO DevOps
RCA Group: TBD

Description

folioci/alpine-jre-openjdk11 = https://github.com/folio-org/folio-tools/blob/master/folio-java-docker/openjdk11/Dockerfile

Most FOLIO Java modules use this Docker image that is based on Alpine.

However, our image doesn't contain the polkit Alpine package.

Therefore it is not affected by this Local Privilege Escalation in polkit's pkexec:
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
https://security.alpinelinux.org/srcpkg/polkit
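
One way to verify the statement above against an image's package database, given here as an added example that is not part of the original issue or of FOLIO's tooling. It assumes Alpine's installed-package database at /lib/apk/db/installed; the function names are hypothetical and the sample records are constructed.

```shell
#!/bin/sh
# Added example: look for polkit / pkexec in an Alpine apk database.
APK_DB_DEFAULT=/lib/apk/db/installed   # Alpine's installed-package database

# Print "name version" for each package whose name (P:) or source
# package (o:) is polkit. Records are separated by blank lines.
polkit_packages() {
    awk '
        function emit() {
            if (name == "polkit" || origin == "polkit") print name, ver
            name = ver = origin = ""
        }
        /^P:/ { name = substr($0, 3) }
        /^V:/ { ver = substr($0, 3) }
        /^o:/ { origin = substr($0, 3) }
        /^$/  { emit() }
        END   { emit() }
    ' "${1:-$APK_DB_DEFAULT}"
}

# Print the path of any recorded file named pkexec (F: = directory, R: = file).
pkexec_paths() {
    awk '
        /^F:/ { dir = substr($0, 3) }
        /^R:/ { if (substr($0, 3) == "pkexec") print "/" dir "/pkexec" }
    ' "${1:-$APK_DB_DEFAULT}"
}

# Exit status 0 when neither the package nor the binary is recorded.
image_free_of_polkit() {
    [ -z "$(polkit_packages "$1")" ] && [ -z "$(pkexec_paths "$1")" ]
}

# Constructed sample records (not taken from a real image).
sample_db() {   # $1 = "with" to include a polkit record
    printf 'P:musl\nV:0.0.0-r0\no:musl\nF:lib\nR:ld-musl-x86_64.so.1\n\n'
    if [ "$1" = with ]; then
        printf 'P:polkit\nV:0.0.0-r0\no:polkit\nF:usr/bin\nR:pkexec\na:0:0:4755\n\n'
    fi
}

# Demo on the constructed data; inside a container, call the functions
# without an argument to read the real database.
demo_db=$(mktemp)
sample_db without > "$demo_db"
image_free_of_polkit "$demo_db" && echo "sample image: polkit not installed"
rm -f "$demo_db"
```

The database only records files installed through apk, so a pkexec binary copied into an image by other means would need a separate filesystem search.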

