A serious vulnerability has been discovered in the operating system package PolicyKit which may affect the users of Bright Cluster Manager. The information here is for reference only and users should refer to their operating system vendor for the most accurate and up-to-date information.
Overview
The proof of concept can be used by a local user to elevate their privileges to those of root on the system. We strongly suggest that users review the operating system documentation and upgrade or take appropriate mitigation steps on all systems and software images.
- Qualys Announcement
- Red Hat Bulletin – Affects Red Hat (and CentOS/Rocky) versions 6, 7, and 8
- Ubuntu Bulletin 1 and 2 – Affects Ubuntu 20.04, 18.04, and 16.04
- SLES – Affects SLES 12 and 15
Bright Specific Changes
At this time we do not expect that any Bright Cluster Manager specific changes are needed beyond the recommendations made by the operating system vendor.