drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Unsichere Verwendung temporärer Dateien in policycoreutils
Name: |
Unsichere Verwendung temporärer Dateien in policycoreutils |
|
ID: |
FEDORA-2011-3043 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 14 |
|
Datum: |
So, 20. März 2011, 12:27 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1011 |
|
Applikationen: |
policycoreutils |
|
Originalnachricht |
Name : policycoreutils Product : Fedora 14 Version : 2.0.85 Release : 19.fc14 URL : http://www.selinuxproject.org Summary : SELinux policy core utilities Description : Security-enhanced Linux is a feature of the Linux® kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-based Access Control, and Multi-level Security.
policycoreutils contains the policy core utilities that are required for basic operation of a SELinux system. These utilities include load_policy to load policies, setfiles to label filesystems, newrole to switch roles, and run_init to run /etc/init.d scripts in the proper context.
------------------------------------------------------------------------------- - Update Information:
This fixes the problem with seunshare causing applications to mistakenly use the /tmp directory in an unsafe manner.
CVE-2011-1011 ------------------------------------------------------------------------------- - ChangeLog:
* Tue Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-19 - Fix portspage in system-config-selinux to not crash - More fixes for seunshare from Tomas Hoger * Tue Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-18 - put back in old handling of -T in sandbox command - Put back setsid in seunshare - Fix rsync to maintain times * Tue Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-17 - Use rewritten seunshare from thoger * Mon Mar 7 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-16 - Require python-IPy for policycoreutils-python package - Fixes for sepologen - Usage statement needs -n name - Names with _ are being prevented - dbus apps should get _chat interface * Thu Mar 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-15 - Fix error message in seunshare, check for tmpdir existance before unlink. * Fri Feb 25 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-13 - Rewrite seunshare to make sure /tmp is mounted stickybit owned by root - Only allow names in polgengui that contain letters and numbers - Fix up node handling in semanage command - Update translations * Wed Feb 9 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.85-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Thu Feb 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-11 - Fix sandbox policy creation with udp connect ports * Thu Feb 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-10 - Cleaup selinux-polgengui to be a little more modern, fix comments and use selected name - Cleanup chcat man page * Wed Feb 2 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-9 - Report full errors on OSError on Sandbox * Fri Jan 21 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-8 - Fix newrole hanlding of pcap * Wed Jan 19 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-7 - Have restorecond watch more directories in homedir * Fri Jan 14 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-6 - Add sandbox to sepolgen * Thu Jan 6 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-4 - Fix proper handling of getopt errors - Do not allow modules names to contain spaces * Wed Jan 5 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-3 - Polgengui raises the wrong type of exception. #471078 - Change semanage to not allow it to semanage module -D - Change setsebool to suggest run as root on failure * Wed Dec 22 2010 Dan Walsh <dwalsh@redhat.com> 2.0.85-2 - Fix restorecond watching utmp file for people logging in our out * Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> 2.0.85-1 - Update to upstream * Thu Dec 16 2010 Dan Walsh <dwalsh@redhat.com> 2.0.84-5 - Change to allow sandbox to run on nfs homedirs, add start python script * Wed Dec 15 2010 Dan Walsh <dwalsh@redhat.com> 2.0.84-4 - Move seunshare to sandbox package * Mon Nov 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.84-3 - Fix sandbox to show correct types in usage statement * Mon Nov 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.84-2 - Stop fixfiles from complaining about missing dirs * Mon Nov 22 2010 Dan Walsh <dwalsh@redhat.com> 2.0.84-1 - Update to upstream - List types available for sandbox in usage statement * Mon Nov 22 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-37 - Don't report error on load_policy when system is disabled. * Mon Nov 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-36 - Fix up problems pointed out by solar designer on dropping capabilities * Mon Nov 1 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-35 - Check if you have full privs and reset otherwise dont drop caps * Mon Nov 1 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-34 - Fix setools require line * Fri Oct 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-33 - Move /etc/pam.d/newrole in to polcicycoreutils-newrole - Additiona capability checking in sepolgen * Mon Oct 25 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-32 - Remove setuid flag and replace with file capabilities - Fix sandbox handling of files with spaces in them * Wed Sep 29 2010 jkeating - 2.0.83-31 - Rebuilt for gcc bug 634757 * Thu Sep 23 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-30 - Move restorecond into its own subpackage * Thu Sep 23 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-29 - Fix semanage man page ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #674615 - sandbox shows incomplete error messages from exceptions https://bugzilla.redhat.com/show_bug.cgi?id=674615 [ 2 ] Bug #674945 - chcat man page typo - s/seuser/seusers/ https://bugzilla.redhat.com/show_bug.cgi?id=674945 [ 3 ] Bug #662938 - SELinux is preventing /usr/bin/newrole "setpcap" access . https://bugzilla.redhat.com/show_bug.cgi?id=662938 [ 4 ] Bug #665455 - [abrt] policycoreutils-gui-2.0.83-28.fc14: seobject.py:1936:get_all:TypeError: 'int' object is not iterable https://bugzilla.redhat.com/show_bug.cgi?id=665455 [ 5 ] Bug #662159 - [abrt] policycoreutils-gui-2.0.83-33.2.fc14: polgen.py:405:set_init_script:ValueError: Only Daemon apps can use an init script.. https://bugzilla.redhat.com/show_bug.cgi?id=662159 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update policycoreutils' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|