
  • Nick Howitt wrote:

    Sad, but, as well as that, there are now 2 unpatched CVEs which Red Hat have rated Critical:
    CVE-2021-44790 - somewhere in apache/httpd
    CVE-2021-44142 - samba

    PwnKit (CVE-2021-4034) is not classed as Critical by Red Hat, just Important, and there are a number of other CVEs classified as Important with a higher score than PwnKit which are also needing patches.

    It seems that Clearcenter have made an edict about the terms they now want to apply to their staff and the edict is more important than their customers.



    The mitigation for PwnKit is:

    chmod 0755 /usr/bin/pkexec

    Sort of a band-aid until you get the patches (if they ever come).

    The other two CVEs do not seem to apply: for the first one, the module is not loaded.
    For the second, Samba does not have the entry in smb.conf.
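
The three conditions discussed in the posts above can be checked with a short script. This is an added example, not part of either post; it assumes that the module in question for CVE-2021-44790 is mod_lua and the smb.conf entry for CVE-2021-44142 is the vfs_fruit module (per the upstream advisories), and that the default paths follow a CentOS/RHEL 7 layout.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and default paths are
# assumptions (CentOS/RHEL 7 layout); pass other paths as arguments.

# True if FILE still carries the setuid bit (chmod 0755 mitigation not applied).
pkexec_setuid() { [ -u "$1" ]; }

# True if any given httpd config file has an active LoadModule line for mod_lua.
httpd_loads_lua() {
    grep -Eiq '^[[:space:]]*LoadModule[[:space:]]+lua_module' "$@" 2>/dev/null
}

# True if an uncommented "vfs objects" line in SMBCONF lists the fruit module.
samba_uses_fruit() {
    grep -Eiq '^[[:space:]]*vfs[[:space:]]*objects?[[:space:]]*=(.*[[:space:],])?fruit([[:space:],]|$)' "$1" 2>/dev/null
}

# audit [PKEXEC] [SMBCONF] [HTTPD_MODULE_DIR]; leaves the count in $findings.
audit() {
    pkexec=${1:-/usr/bin/pkexec}
    smbconf=${2:-/etc/samba/smb.conf}
    moddir=${3:-/etc/httpd/conf.modules.d}
    findings=0
    if pkexec_setuid "$pkexec"; then
        echo "CVE-2021-4034: $pkexec is still setuid (chmod 0755 not applied)"
        findings=$((findings + 1))
    fi
    if httpd_loads_lua "$moddir"/*.conf; then
        echo "CVE-2021-44790: mod_lua is loaded by a file in $moddir"
        findings=$((findings + 1))
    fi
    if samba_uses_fruit "$smbconf"; then
        echo "CVE-2021-44142: vfs_fruit is enabled in $smbconf"
        findings=$((findings + 1))
    fi
    echo "$findings condition(s) still need attention"
}

audit "$@"
```

The file checks do not follow include directives; `httpd -M` and `testparm -s` show the effective configuration and are the authoritative cross-check.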