On Jan. 25, 2022 a high severity vulnerability was identified (CVE-2021-4034 "PwnKit") in the default configuration of all major Linux OS distributions. VisibleThread's on-premise and cloud software runs on Linux and is therefore also affected. The following VisibleThread products are impacted:
- VT Docs / VT Writer cloud (VisibleThread hosted)
- VT Docs / VT Writer on-premise
VT Docs / VT Writer cloud
All VisibleThread cloud servers have been patched for this vulnerability.
VT Docs / VT Writer on-premise
Your VisibleThread on-premise server may require patching for this vulnerability.
Ubuntu Servers:
1. Verify the version of Ubuntu you are running
sudo lsb_release -a
2. Check the currently installed version of policykit-1 package
dpkg -s policykit-1 | grep Version
If you are running Ubuntu version 20 or later, you should look for policykit package version 0.105-26ubuntu1.2. If running Ubuntu 18 you should see policykit package version 0.105-20ubuntu0.18.04.6.
3. If you are not running the correct version, upgrade by typing:
sudo apt install policykit-1
Red Hat Servers
On Red Hat servers (will need an active Red Hat subscription):
sudo yum update
NOTE: servers running Ubuntu 16.04 or less, without Extended Support from Canonical, will NOT receive the security update. These servers will need to be upgraded to Ubuntu 20.04. If you are utilizing an Ubuntu server with an End-of-Life release, please see these instructions on migrating to a new server.