New IP Office Vulnerability (polkit (formerly PolicyKit)

[NYSTECH]

I have been looking on the Avaya support site and else where to see if the IP Office SE would be affected but this but, can't really find a clear answer. The below article mention the CentOs. Hoping we don't need to do another round of patches I am still doing LOG4J updates

https://www.zdnet.com/article/major...lnerability-uncovered-pwnkit/#ftag=RSSbaffb68

Any insight on this would be helpful.

 

[IPGuru]

This particular Linux Vaunerability can only be expolited by someone who has already gained access to the system, so on its own it is not a high risk.
I think with an IP Office if someone has access to a user account, they can do more than enough damage withut becoming root

Do things on the cheap & it will cost you dear

Avaya Remote Support Engineer (A.R.S.E)

 

[NYSTECH]

I thought I would send update.

https://support.avaya.com/ext/index?page=content&id=SOLN368285

looks like if you 11.0 or later you will need to upgrade to New Release 11.1 FP2 SP2 upcoming end of February 2022.

Uggggggggggggggggggggggggggggg

 

[bignose21]

NYSTECH is there any Release notes or details of what will be in SP2? Already went to 11.1 FP2 for Log4j so wonder if they will sort out the obsolete PHP that's on the server edition.

 

[NYSTECH]

I have not seen any release not yet. I did get confirmation that there will also be a patch for 11.0 version and the UCM.

Just like Log4J issue.