Have a look at my other post for more thoughts on this particular vulnerability PwnKit - CVE-2021-4034
As mentioned previously, this isn’t recommended, but you are always welcome to try - I haven’t run into any issues on my system (but it’s a custom build)
___
/\_ \ __
__ __ ___\//\ \ __ __ ___ ___ /\_\ ___
/\ \/\ \ / __`\\ \ \ /\ \/\ \ /' __` __`\/\ \ / __`\
\ \ \_/ |/\ \L\ \\_\ \_\ \ \_\ \/\ \/\ \/\ \ \ \/\ \L\ \
\ \___/ \ \____//\____\\ \____/\ \_\ \_\ \_\ \_\ \____/
\/__/ \/___/ \/____/ \/___/ \/_/\/_/\/_/\/_/\/___/
Free Audiophile Linux Music Player - Version 2.0
© 2015-2020 Michelangelo Guarise - Volumio Team - Volumio.org
Volumio Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Welcome to Volumio for Raspberry Pi (5.10.50-v7l+ armv7l)
Last login: Sat Jan 22 07:30:27 2022 from 192.168.1.124
volumio@pi:~$
volumio@pi:~$ sudo apt update
[sudo] password for volumio:
Get:1 http://raspbian.raspberrypi.org/raspbian bullseye InRelease [15.0 kB]
Get:2 http://archive.raspberrypi.org/debian bullseye InRelease [23.5 kB]
Hit:3 https://deb.nodesource.com/node_14.x bullseye InRelease
Hit:4 https://www.lesbonscomptes.com/upmpdcli/downloads/raspbian bullseye InRelease
Get:5 http://raspbian.raspberrypi.org/raspbian bullseye/main armhf Packages [13.2 MB]
Get:6 http://archive.raspberrypi.org/debian bullseye/main armhf Packages [247 kB]
Fetched 13.5 MB in 5s (2549 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
12 packages can be upgraded. Run 'apt list --upgradable' to see them.
volumio@pi:~$ apt list --upgradable
Listing... Done
bsdutils/stable 1:2.36.1-8+deb11u1 armhf [upgradable from: 1:2.36.1-8]
libblkid1/stable 2.36.1-8+deb11u1 armhf [upgradable from: 2.36.1-8]
libmount1/stable 2.36.1-8+deb11u1 armhf [upgradable from: 2.36.1-8]
libpolkit-agent-1-0/stable 0.105-31+rpt1+deb11u1 armhf [upgradable from: 0.105-31+rpt1]
libpolkit-gobject-1-0/stable 0.105-31+rpt1+deb11u1 armhf [upgradable from: 0.105-31+rpt1]
libsmartcols1/stable 2.36.1-8+deb11u1 armhf [upgradable from: 2.36.1-8]
libuuid1/stable 2.36.1-8+deb11u1 armhf [upgradable from: 2.36.1-8]
mount/stable 2.36.1-8+deb11u1 armhf [upgradable from: 2.36.1-8]
policykit-1/stable 0.105-31+rpt1+deb11u1 armhf [upgradable from: 0.105-31+rpt1]
rfkill/stable 2.36.1-8+deb11u1 armhf [upgradable from: 2.36.1-8]
rpi-eeprom/stable 13.5-1 armhf [upgradable from: 13.4-1]
util-linux/stable 2.36.1-8+deb11u1 armhf [upgradable from: 2.36.1-8]
volumio@pi:~$ sudo apt upgrade
(Reading database ... 39184 files and directories currently installed.)
Preparing to unpack .../libsmartcols1_2.36.1-8+deb11u1_armhf.deb ...
Unpacking libsmartcols1:armhf (2.36.1-8+deb11u1) over (2.36.1-8) ...
Setting up libsmartcols1:armhf (2.36.1-8+deb11u1) ...
(Reading database ... 39184 files and directories currently installed.)
Preparing to unpack .../libuuid1_2.36.1-8+deb11u1_armhf.deb ...
Unpacking libuuid1:armhf (2.36.1-8+deb11u1) over (2.36.1-8) ...
Setting up libuuid1:armhf (2.36.1-8+deb11u1) ...
(Reading database ... 39184 files and directories currently installed.)
Preparing to unpack .../policykit-1_0.105-31+rpt1+deb11u1_armhf.deb ...
Unpacking policykit-1 (0.105-31+rpt1+deb11u1) over (0.105-31+rpt1) ...
Preparing to unpack .../libpolkit-agent-1-0_0.105-31+rpt1+deb11u1_armhf.deb ...
Unpacking libpolkit-agent-1-0:armhf (0.105-31+rpt1+deb11u1) over (0.105-31+rpt1) ...
Preparing to unpack .../libpolkit-gobject-1-0_0.105-31+rpt1+deb11u1_armhf.deb ...
Unpacking libpolkit-gobject-1-0:armhf (0.105-31+rpt1+deb11u1) over (0.105-31+rpt1) ...
Preparing to unpack .../rfkill_2.36.1-8+deb11u1_armhf.deb ...
Unpacking rfkill (2.36.1-8+deb11u1) over (2.36.1-8) ...
Preparing to unpack .../rpi-eeprom_13.5-1_armhf.deb ...
Unpacking rpi-eeprom (13.5-1) over (13.4-1) ...
Setting up rfkill (2.36.1-8+deb11u1) ...
Setting up mount (2.36.1-8+deb11u1) ...
Setting up rpi-eeprom (13.5-1) ...
Setting up libpolkit-gobject-1-0:armhf (0.105-31+rpt1+deb11u1) ...
Setting up libpolkit-agent-1-0:armhf (0.105-31+rpt1+deb11u1) ...
Setting up policykit-1 (0.105-31+rpt1+deb11u1) ...
Processing triggers for dbus (1.12.20-2) ...
Processing triggers for libc-bin (2.31-13+rpt2+rpi1+deb11u2) ...
volumio@pi:~$ uptime
08:43:12 up 100 days, 23:38, 1 user, load average: 0.28, 0.11, 0.04
volumio@pi:~$
Anyway, there should be an OTA update (v3.207) from Volumio that contains the fixed package, but IMO it’s not a critical vulnerability…