Ausführen beliebiger Kommandos in setroubleshoot-plugins
ID: | FEDORA-2016-b68f69b086 |
Distribution: | Fedora |
Plattformen: | Fedora 23 |
Datum: | So, 3. Juli 2016, 19:35 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4446 |
Applikationen: | setroubleshoot-plugins |
Originalnachricht |
|
Name : setroubleshoot-plugins Product : Fedora 23 Version : 3.3.5.1 Release : 1.fc23 URL : https://github.com/fedora-selinux/setroubleshoot Summary : Analysis plugins for use with setroubleshoot Description : This package provides a set of analysis plugins for use with setroubleshoot. Each plugin has the capacity to analyze SELinux AVC data and system data to provide user friendly reports describing how to interpret SELinux AVC denials. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-4446 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1339250 - CVE-2016-4446 setroubleshoot-plugins: insecure commands.getoutput use in the allow_execstack plugin https://bugzilla.redhat.com/show_bug.cgi?id=1339250 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update setroubleshoot-plugins' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org |