We have been made aware of the recently disclosed Polkit escalation vulnerability, commonly referred to as "PwnKit." This impacts nearly all major Linux distributions, which rely on Policy Kit.

All Turnkey Internet and HostPC shared hosting systems have been updated to mitigate this vulnerability.

How to tell if you're affected

Check your package manager's update logs. If Polkit has not been updated after or on January 26, 2022, then your version is most likely affected.

How to fix the vulnerability

All users running Linux, or Unix-like operating system that use Polkit are strongly urged to update to the latest version using their system's package managers. Major Linux distributions, including Ubuntu, Debian, SuSE, and CentOS have released patches for their currently-supported products.

For further information on this vulnerability, please review the Qualys analysis, found here: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

Please note that this vulnerability can only be exploited by local users, meaning that a malicious actor would first need to gain access to the system via a public-facing, vulnerable application. In addition to patching system software via OS package managers, customers are also strongly urged to maintain up-to-date software for public-facing assets, such as WordPress or other web applications.

If you have any questions or concerns please do not hesitate to reach out to our customer care team at helpdesk@turnkeyinternet.net or call 877-539-4638.