USN-3717-1: PolicyKit vulnerabilities


#1

The USN-3717-1: PolicyKit vulnerabilities are fixed automatically and installed on SecureDrop production instances. I received the following OSSEC alerts, on both mon and app.



OSSEC HIDS Notification.
2018 Jul 17 04:14:17

Received From: mon->syscheck
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Portion of the log(s):

Integrity checksum changed for: '/usr/bin/pkttyagent'
Size changed from '10624' to '14720'
Old md5sum was: 'cbf1a333c087cc4fdeac75ee9d308ed7'
New md5sum is : '979d4c06838a4b85fd2bbc6a710d0bbd'
Old sha1sum was: 'b377455e6c19baf1f36c028f44cf84bda45f10f1'
New sha1sum is : 'f1d24d7c375e1d409e93989bd23e11a52938058f'

 --END OF NOTIFICATION

OSSEC HIDS Notification.
2018 Jul 17 04:14:17

Received From: mon->syscheck
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Portion of the log(s):

Integrity checksum changed for: '/usr/bin/pkaction'
Old md5sum was: '829573442562e6a7a0f73941e62596da'
New md5sum is : '7b3aac3777d436d704b3f04fd5627e3f'
Old sha1sum was: 'e56170204bd82193e7ccec83d1a63e5f7374f70f'
New sha1sum is : '088d2cb843e97e87cb82ef630ff511f8bb620dd5'

 --END OF NOTIFICATION
 

OSSEC HIDS Notification.
2018 Jul 17 04:14:17

Received From: mon->syscheck
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Portion of the log(s):

Integrity checksum changed for: '/usr/bin/pkcheck'
Old md5sum was: 'beec5734f8aaf85137238a741af1d4de'
New md5sum is : 'f77a5499da776bb7f1983a7c05e2f063'
Old sha1sum was: 'f07543d1d4b56b0cd07d1f3187f85f5a240c5fcd'
New sha1sum is : 'c98f59f3e9cc986d828feffe5f12dca35976fd1c'

 --END OF NOTIFICATION

OSSEC HIDS Notification.
2018 Jul 17 04:14:17

Received From: mon->syscheck
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Portion of the log(s):

Integrity checksum changed for: '/usr/bin/pkttyagent'
Size changed from '10624' to '14720'
Old md5sum was: 'cbf1a333c087cc4fdeac75ee9d308ed7'
New md5sum is : '979d4c06838a4b85fd2bbc6a710d0bbd'
Old sha1sum was: 'b377455e6c19baf1f36c028f44cf84bda45f10f1'
New sha1sum is : 'f1d24d7c375e1d409e93989bd23e11a52938058f'

 --END OF NOTIFICATION

OSSEC HIDS Notification.
2018 Jul 17 04:14:17

Received From: mon->syscheck
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Portion of the log(s):

Integrity checksum changed for: '/usr/bin/pkexec'
Permissions changed from 'rwsr-xr-x' to 'rwxr-xr-x'
Old md5sum was: '0c4923d808eaf0e68cce810d7404255c'
New md5sum is : '8913cc8cad1dfcd1e605e5afdb2ab4f8'
Old sha1sum was: 'c81139a22efca4c4bee11ad4782412b5e786c9a9'
New sha1sum is : 'bbf49b9c24405bc4135f73b060486180f4e59b13'

 --END OF NOTIFICATION

OSSEC HIDS Notification.
2018 Jul 17 04:14:19

Received From: mon->/var/log/dpkg.log
Rule: 2902 fired (level 7) -> "New dpkg (Debian Package) installed."
Portion of the log(s):

2018-07-17 04:14:18 status installed man-db:amd64 2.6.7.1-1ubuntu1

 --END OF NOTIFICATION

OSSEC HIDS Notification.
2018 Jul 17 04:14:19

Received From: mon->/var/log/dpkg.log
Rule: 2902 fired (level 7) -> "New dpkg (Debian Package) installed."
Portion of the log(s):

2018-07-17 04:14:19 status installed libpolkit-gobject-1-0:amd64 0.105-4ubuntu3.14.04.2

 --END OF NOTIFICATION

OSSEC HIDS Notification.
2018 Jul 17 04:14:19

Received From: mon->/var/log/dpkg.log
Rule: 2902 fired (level 7) -> "New dpkg (Debian Package) installed."
Portion of the log(s):

2018-07-17 04:14:19 status installed libpolkit-agent-1-0:amd64 0.105-4ubuntu3.14.04.2

 --END OF NOTIFICATION

OSSEC HIDS Notification.
2018 Jul 17 04:14:20

Received From: mon->syscheck
Rule: 551 fired (level 7) -> "Integrity checksum changed again (2nd time)."
Portion of the log(s):

Integrity checksum changed for: '/usr/bin/pkexec'
Permissions changed from 'rwxr-xr-x' to 'rwsr-xr-x'

 --END OF NOTIFICATION