Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SciLinux: Important Update for Policycoreutils - Security Risk Identified

Calendar Apr 05, 2011 User Avatar LinuxSecurity Advisories
2 - 3 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory local privilege escalation policycoreutils important update scientific linux seunshare issue
Important: policycoreutils security update 
Date: Tue, 5 Apr 2011 16:33:53 -0500
Reply-To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Sender: Security Errata for Scientific Linux
 
From: Jason Harrington 
Organization: FNAL/CD/REX/SAG
Subject: Security ERRATA Important: policycoreutils on SL6.x i386/x86_64
Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it.
MIME-Version: 1.0

Synopsis: Important: policycoreutils security update
Issue date: 2011-04-04
CVE Names: CVE-2011-1011

The policycoreutils packages contain the core utilities that are
required for the basic operation of a Security-Enhanced Linux (SELinux)
system and its policies.

It was discovered that the seunshare utility did not enforce proper file
permissions on the directory used as an alternate temporary directory
mounted as /tmp/. A local user could use this flaw to overwrite files
or, possibly, execute arbitrary code with the privileges of a setuid or
setgid application that relies on proper /tmp/ permissions, by running
that application via seunshare. (CVE-2011-1011)

This update also introduces the following changes:

* The seunshare utility was moved from the main policycoreutils
subpackage to the policycoreutils-sandbox subpackage. This utility is
only required by the sandbox feature and does not need to be installed
by default.

* Updated selinux-policy packages that add the SELinux policy changes
required by the seunshare fixes.

All policycoreutils users should upgrade to these updated packages,
which correct this issue.

SL 6.x
 SRPMS:
 policycoreutils-2.0.83-19.8.el6_0.src.rpm
 selinux-policy-3.7.19-54.el6_0.5.src.rpm

 i386:
 policycoreutils-2.0.83-19.8.el6_0.i686.rpm
 policycoreutils-gui-2.0.83-19.8.el6_0.i686.rpm
 policycoreutils-newrole-2.0.83-19.8.el6_0.i686.rpm
 policycoreutils-python-2.0.83-19.8.el6_0.i686.rpm
 policycoreutils-sandbox-2.0.83-19.8.el6_0.i686.rpm
 selinux-policy-3.7.19-54.el6_0.5.noarch.rpm
 selinux-policy-doc-3.7.19-54.el6_0.5.noarch.rpm
 selinux-policy-minimum-3.7.19-54.el6_0.5.noarch.rpm
 selinux-policy-mls-3.7.19-54.el6_0.5.noarch.rpm
 selinux-policy-targeted-3.7.19-54.el6_0.5.noarch.rpm

 x86_64:
 policycoreutils-2.0.83-19.8.el6_0.x86_64.rpm
 policycoreutils-gui-2.0.83-19.8.el6_0.x86_64.rpm
 policycoreutils-newrole-2.0.83-19.8.el6_0.x86_64.rpm
 policycoreutils-python-2.0.83-19.8.el6_0.x86_64.rpm
 policycoreutils-sandbox-2.0.83-19.8.el6_0.x86_64.rpm
 selinux-policy-3.7.19-54.el6_0.5.noarch.rpm
 selinux-policy-doc-3.7.19-54.el6_0.5.noarch.rpm
 selinux-policy-minimum-3.7.19-54.el6_0.5.noarch.rpm
 selinux-policy-mls-3.7.19-54.el6_0.5.noarch.rpm
 selinux-policy-targeted-3.7.19-54.el6_0.5.noarch.rpm

- Scientific Linux Development Team
Your message here