Security Update: Pkexec PwnKit Vulnerability

cnMaestro patches 2.4.2-r31 and 3.0.4-r8 are released to fix an Ubuntu Linux vulnerability in PolicyKit reported on January 25, 2022 (USN-5252-1 and USN-5252-2, based upon CVE-2021-4034). Additional information is available as a Cambium Security Notice.

  • 2.4.2-r31 should be installed on all cnMaestro 2.4.1 and 2.4.2 instances, including both OVA and AMI.

  • 3.0.4-r8 is only required for the 3.0.x AMI.

Note the cnMaestro 3.0.x OVA and 3.1.0 OVA and AMI do not include the package with the vulnerability, so they are not impacted (and therefore do not require this patch).

The patch updates are available for download on Cambium Support Center.

1 Like