LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

April 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA April 2011

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Important: policycoreutils on SL6.x i386/x86_64
From:	Jason Harrington <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Tue, 5 Apr 2011 16:33:53 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (59 lines)

Synopsis:   Important: policycoreutils security update
Issue date: 2011-04-04
CVE Names:  CVE-2011-1011

The policycoreutils packages contain the core utilities that are
required for the basic operation of a Security-Enhanced Linux (SELinux)
system and its policies.

It was discovered that the seunshare utility did not enforce proper file
permissions on the directory used as an alternate temporary directory
mounted as /tmp/. A local user could use this flaw to overwrite files 
or, possibly, execute arbitrary code with the privileges of a setuid or
setgid application that relies on proper /tmp/ permissions, by running 
that application via seunshare. (CVE-2011-1011)

This update also introduces the following changes:

* The seunshare utility was moved from the main policycoreutils 
subpackage to the policycoreutils-sandbox subpackage. This utility is 
only required by the sandbox feature and does not need to be installed 
by default.

* Updated selinux-policy packages that add the SELinux policy changes
required by the seunshare fixes.

All policycoreutils users should upgrade to these updated packages, 
which correct this issue.

SL 6.x
     SRPMS:
         policycoreutils-2.0.83-19.8.el6_0.src.rpm
         selinux-policy-3.7.19-54.el6_0.5.src.rpm

     i386:
         policycoreutils-2.0.83-19.8.el6_0.i686.rpm
         policycoreutils-gui-2.0.83-19.8.el6_0.i686.rpm
         policycoreutils-newrole-2.0.83-19.8.el6_0.i686.rpm
         policycoreutils-python-2.0.83-19.8.el6_0.i686.rpm
         policycoreutils-sandbox-2.0.83-19.8.el6_0.i686.rpm
         selinux-policy-3.7.19-54.el6_0.5.noarch.rpm
         selinux-policy-doc-3.7.19-54.el6_0.5.noarch.rpm
         selinux-policy-minimum-3.7.19-54.el6_0.5.noarch.rpm
         selinux-policy-mls-3.7.19-54.el6_0.5.noarch.rpm
         selinux-policy-targeted-3.7.19-54.el6_0.5.noarch.rpm

     x86_64:
         policycoreutils-2.0.83-19.8.el6_0.x86_64.rpm
         policycoreutils-gui-2.0.83-19.8.el6_0.x86_64.rpm
         policycoreutils-newrole-2.0.83-19.8.el6_0.x86_64.rpm
         policycoreutils-python-2.0.83-19.8.el6_0.x86_64.rpm
         policycoreutils-sandbox-2.0.83-19.8.el6_0.x86_64.rpm
         selinux-policy-3.7.19-54.el6_0.5.noarch.rpm
         selinux-policy-doc-3.7.19-54.el6_0.5.noarch.rpm
         selinux-policy-minimum-3.7.19-54.el6_0.5.noarch.rpm
         selinux-policy-mls-3.7.19-54.el6_0.5.noarch.rpm
         selinux-policy-targeted-3.7.19-54.el6_0.5.noarch.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV