Last night, security firm Qualys released information about a critical vulnerability in all major Linux distributions.
The vulnerability is due to a bug in the “Polkit” program and is labeled CVE-2021-4034. Polkit is a program that allows unauthorized processes to communicate with authorized processes.
By exploiting the bug in Polkit, a local user can easily gain root privileges on a system. This only applies to local users on your VPS: without already having access to an operating system via SSH or the VPS console in the TransIP control panel, it is not possible to exploit this vulnerability.
Regardless of whether or not there are local users on your VPS, for security reasons it is recommended to update VPS/Servers.
Use the commands below and restart your VPS/servers afterward.
Ubuntu/Debian: sudo apt -y update && sudo apt -y upgrade CentOS/AlmaLinux: sudo yum -y update Fedora: sudo dnf upgrade --refresh