PwnKit, a bug that gives superuser privileges and affects most Linux distributions


When a project shares an article on an official account and it is not from its own blog, something is going on. And no, it was not to show off, but to inform the community. The article shared by Fedora talks about a bug called PwnKit, which affects several of the most widely used Linux distributions. Fedora is on the list, which many consider the best example of a distro with GNOME, but so are two others that sting a little more.

We are not going to go into which option is better, but the fact that Debian and Ubuntu are also among those affected allows us to state that the majority of Linux users would be exposed to PwnKit. There are many distributions based on Debian, and many more based on Ubuntu, such as Linux Mint. CentOS and Red Hat round out the list of those directly mentioned, but the rest of us should not stop worrying.

PwnKit exposes most Linux users

The vulnerability is identified as CVE-2021-4034 (Canonical has published information on it) and is in Polkit's pkexec component, which is part of the default configuration of most Linux distributions. Although it has been around for over a decade, it was made public yesterday, January 25, and the patch is coming soon for those who have not received it already. The worst part is what a malicious user can do thanks to PwnKit: get superuser or root privileges.

Ubuntu and Red Hat have already released a patch to fix the vulnerability in their latest versions, and the rest of the most popular distributions should do so soon. Considering that patches of this type are small updates, it is also possible that our Linux distribution has already patched it without us realizing it. The important thing to remember here is that it is worth keeping any operating system up to date, and applying security updates above all.

