PwnKit vulnerability

Hopefully PureOS devs have plans to get this patched ASAP. Being as PureOS is based on Debian and uses systemd, I have to assume PureOS also has this vulnerability.


As always with a privilege escalation vulnerability,

  • for a personal computer, it will be difficult to exploit, unless used as a blended attack
  • for most of my computers, if there is an untrusted “unprivileged local user” accessing my computer then I already have a major security problem

Anyway, keep an eye on the package version of policykit-1


For Debian:
For Ubuntu:

1 Like

The update is already available in PureOS


Don’t suppose you can post the package version that contains the fix? (for both amber and byzantium and, if relevant, for both Librem 5 and x-86 devices)

it’s this one: policykit-1 - 0.105-31+deb11u1


Got fixed the other day in Linux Mint.


I’m confused about one thing. According to security reports on the internet pkexec should be at version 0.120 to be protected. Am I to understand on debian system 0.105 is a patched version?

The Debian security team often backports patches to the version the current Debian releases shipped with to minimize the risk of the update breaking stuff. So for systems that closely track Debian, you’re probably better off checking if your version is vulnerable. @irvinewade kindly already provided the link for this CVE (

1 Like