CVE-2021-4034 Pwnkit
-
And updates being released for pwnkit? I am not seeing anything released from FreeBSD on the issue. It is known openBSD has no issues.
Thanks
[Edit] Was able to find FreeBSD open Bug. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261482
Im guessing pfSense will be waiting for a release from FreeBSD before a new release is out?
-
@ryan-vines
polkit is not part of base FreeBSD or pfSense. AFAIK, no packages require it. -
polkit is not a part of pfSense, nor is it available in our package repository, either directly or as a dependency.
Given that polkit is usually a part of a graphical console environment (think: X.org and similar) that is unlikely to have been installed on a firewall anyhow. That said, similar to the situation with log4j, we can't always control what people pull in manually from third party repositories, so maybe if someone did something really bizarre they might have to manually track down and install an update, but since it didn't come from Netgate, there isn't anything we can do.