Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Science Linux 6: SLSA-2016:2702-1 Critical: policycoreutils TIOCSTI Risk

Calendar Nov 21, 2016 User Avatar LinuxSecurity Advisories
1 - 2 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory security update important policycoreutils sandbox SL6 TIOCSTI
Important: policycoreutils security update 
Date: Mon, 21 Nov 2016 18:20:08 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: policycoreutils on SL6.x,
 SL7.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20161121182008.31603.87079@slpackages.fnal.gov>

Synopsis: Important: policycoreutils security update
Advisory ID: SLSA-2016:2702-1
Issue Date: 2016-11-14
CVE Numbers: CVE-2016-7545
--

Security Fix(es):

* It was found that the sandbox tool provided in policycoreutils was
vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed
via the sandbox command could use this flaw to execute arbitrary commands
in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)
--

SL6
 x86_64
 policycoreutils-2.0.83-30.1.el6_8.x86_64.rpm
 policycoreutils-debuginfo-2.0.83-30.1.el6_8.x86_64.rpm
 policycoreutils-gui-2.0.83-30.1.el6_8.x86_64.rpm
 policycoreutils-newrole-2.0.83-30.1.el6_8.x86_64.rpm
 policycoreutils-python-2.0.83-30.1.el6_8.x86_64.rpm
 policycoreutils-sandbox-2.0.83-30.1.el6_8.x86_64.rpm
 i386
 policycoreutils-2.0.83-30.1.el6_8.i686.rpm
 policycoreutils-debuginfo-2.0.83-30.1.el6_8.i686.rpm
 policycoreutils-gui-2.0.83-30.1.el6_8.i686.rpm
 policycoreutils-newrole-2.0.83-30.1.el6_8.i686.rpm
 policycoreutils-python-2.0.83-30.1.el6_8.i686.rpm
 policycoreutils-sandbox-2.0.83-30.1.el6_8.i686.rpm
SL7
 x86_64
 policycoreutils-2.5-9.el7.x86_64.rpm
 policycoreutils-debuginfo-2.5-9.el7.i686.rpm
 policycoreutils-debuginfo-2.5-9.el7.x86_64.rpm
 policycoreutils-devel-2.5-9.el7.i686.rpm
 policycoreutils-devel-2.5-9.el7.x86_64.rpm
 policycoreutils-gui-2.5-9.el7.x86_64.rpm
 policycoreutils-newrole-2.5-9.el7.x86_64.rpm
 policycoreutils-python-2.5-9.el7.x86_64.rpm
 policycoreutils-sandbox-2.5-9.el7.x86_64.rpm
 policycoreutils-restorecond-2.5-9.el7.x86_64.rpm

- Scientific Linux Development Team

Related News

Your message here