VisibleThread -
Help Center Find helpful articles on different VisibleThread Products

Follow

Security Announcement - CVE-2021-4034 - PwnKit

 

On Jan. 25, 2022 a high severity vulnerability was identified (CVE-2021-4034 "PwnKit") in the default configuration of all major Linux OS distributions. VisibleThread's on-premise and cloud software runs on Linux and is therefore also affected. The following VisibleThread products are impacted:

  • VT Docs / VT Writer cloud (VisibleThread hosted)
  • VT Docs / VT Writer on-premise

 

VT Docs / VT Writer cloud

All VisibleThread cloud servers have been patched for this vulnerability.

 

VT Docs / VT Writer on-premise

Your VisibleThread on-premise server may require patching for this vulnerability.

 

Ubuntu Servers:

1. Verify the version of Ubuntu you are running

sudo lsb_release -a


2.  Check the currently installed version of policykit-1 package

 

 dpkg -s policykit-1 | grep Version


If you are running Ubuntu version 20 or later, you should look for policykit package version 0.105-26ubuntu1.2. If running Ubuntu 18 you should see policykit package version 0.105-20ubuntu0.18.04.6.


3. If you are not running the correct version, upgrade by typing:

 sudo apt install policykit-1

 

Red Hat Servers

On Red Hat servers (will need an active Red Hat subscription):

sudo yum update

 

NOTE: servers running Ubuntu 16.04 or less, without Extended Support from Canonical, will NOT receive the security update. These servers will need to be upgraded to Ubuntu 20.04. If you are utilizing an Ubuntu server with an End-of-Life release, please see these instructions on migrating to a new server. 

 

Was this article helpful?
0 out of 0 found this helpful

Get Additional Help

Visit our Helpdesk for additional help and support.