drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Unsichere Verwendung temporärer Dateien in policycoreutils
| Name: |
Unsichere Verwendung temporärer Dateien in policycoreutils |
|
| ID: |
FEDORA-2011-3043 |
|
| Distribution: |
Fedora |
|
| Plattformen: |
Fedora 14 |
|
| Datum: |
So, 20. März 2011, 12:27 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1011 |
|
| Applikationen: |
policycoreutils |
|
Originalnachricht |
Name : policycoreutils
Product : Fedora 14
Version : 2.0.85
Release : 19.fc14
URL : http://www.selinuxproject.org
Summary : SELinux policy core utilities
Description :
Security-enhanced Linux is a feature of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.
policycoreutils contains the policy core utilities that are required
for basic operation of a SELinux system. These utilities include
load_policy to load policies, setfiles to label filesystems, newrole
to switch roles, and run_init to run /etc/init.d scripts in the proper
context.
-------------------------------------------------------------------------------
-
Update Information:
This fixes the problem with seunshare causing applications to mistakenly use
the /tmp directory in an unsafe manner.
CVE-2011-1011
-------------------------------------------------------------------------------
-
ChangeLog:
* Tue Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-19
- Fix portspage in system-config-selinux to not crash
- More fixes for seunshare from Tomas Hoger
* Tue Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-18
- put back in old handling of -T in sandbox command
- Put back setsid in seunshare
- Fix rsync to maintain times
* Tue Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-17
- Use rewritten seunshare from thoger
* Mon Mar 7 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-16
- Require python-IPy for policycoreutils-python package
- Fixes for sepologen
- Usage statement needs -n name
- Names with _ are being prevented
- dbus apps should get _chat interface
* Thu Mar 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-15
- Fix error message in seunshare, check for tmpdir existance before unlink.
* Fri Feb 25 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-13
- Rewrite seunshare to make sure /tmp is mounted stickybit owned by root
- Only allow names in polgengui that contain letters and numbers
- Fix up node handling in semanage command
- Update translations
* Wed Feb 9 2011 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 2.0.85-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Feb 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-11
- Fix sandbox policy creation with udp connect ports
* Thu Feb 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-10
- Cleaup selinux-polgengui to be a little more modern, fix comments and use
selected name
- Cleanup chcat man page
* Wed Feb 2 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-9
- Report full errors on OSError on Sandbox
* Fri Jan 21 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-8
- Fix newrole hanlding of pcap
* Wed Jan 19 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-7
- Have restorecond watch more directories in homedir
* Fri Jan 14 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-6
- Add sandbox to sepolgen
* Thu Jan 6 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-4
- Fix proper handling of getopt errors
- Do not allow modules names to contain spaces
* Wed Jan 5 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-3
- Polgengui raises the wrong type of exception. #471078
- Change semanage to not allow it to semanage module -D
- Change setsebool to suggest run as root on failure
* Wed Dec 22 2010 Dan Walsh <dwalsh@redhat.com> 2.0.85-2
- Fix restorecond watching utmp file for people logging in our out
* Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> 2.0.85-1
- Update to upstream
* Thu Dec 16 2010 Dan Walsh <dwalsh@redhat.com> 2.0.84-5
- Change to allow sandbox to run on nfs homedirs, add start python script
* Wed Dec 15 2010 Dan Walsh <dwalsh@redhat.com> 2.0.84-4
- Move seunshare to sandbox package
* Mon Nov 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.84-3
- Fix sandbox to show correct types in usage statement
* Mon Nov 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.84-2
- Stop fixfiles from complaining about missing dirs
* Mon Nov 22 2010 Dan Walsh <dwalsh@redhat.com> 2.0.84-1
- Update to upstream
- List types available for sandbox in usage statement
* Mon Nov 22 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-37
- Don't report error on load_policy when system is disabled.
* Mon Nov 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-36
- Fix up problems pointed out by solar designer on dropping capabilities
* Mon Nov 1 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-35
- Check if you have full privs and reset otherwise dont drop caps
* Mon Nov 1 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-34
- Fix setools require line
* Fri Oct 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-33
- Move /etc/pam.d/newrole in to polcicycoreutils-newrole
- Additiona capability checking in sepolgen
* Mon Oct 25 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-32
- Remove setuid flag and replace with file capabilities
- Fix sandbox handling of files with spaces in them
* Wed Sep 29 2010 jkeating - 2.0.83-31
- Rebuilt for gcc bug 634757
* Thu Sep 23 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-30
- Move restorecond into its own subpackage
* Thu Sep 23 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-29
- Fix semanage man page
-------------------------------------------------------------------------------
-
References:
[ 1 ] Bug #674615 - sandbox shows incomplete error messages from exceptions
https://bugzilla.redhat.com/show_bug.cgi?id=674615
[ 2 ] Bug #674945 - chcat man page typo - s/seuser/seusers/
https://bugzilla.redhat.com/show_bug.cgi?id=674945
[ 3 ] Bug #662938 - SELinux is preventing /usr/bin/newrole "setpcap"
access .
https://bugzilla.redhat.com/show_bug.cgi?id=662938
[ 4 ] Bug #665455 - [abrt] policycoreutils-gui-2.0.83-28.fc14:
seobject.py:1936:get_all:TypeError: 'int' object is not iterable
https://bugzilla.redhat.com/show_bug.cgi?id=665455
[ 5 ] Bug #662159 - [abrt] policycoreutils-gui-2.0.83-33.2.fc14:
polgen.py:405:set_init_script:ValueError: Only Daemon apps can use an init script..
https://bugzilla.redhat.com/show_bug.cgi?id=662159
-------------------------------------------------------------------------------
-
This update can be installed with the "yum" update program. Use
su -c 'yum update policycoreutils' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|
