Ubuntu 5391-1: libsepol vulnerabilities | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Sign Up
==========================================================================
Ubuntu Security Notice USN-5391-1
April 27, 2022

libsepol vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in libsepol.

Software Description:
- libsepol: SELinux library for manipulating binary security policies

Details:

Nicolas Iooss discovered that libsepol incorrectly handled memory
when handling policies. An attacker could possibly use this issue
to cause a crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-36084)

It was discovered that libsepol incorrectly handled memory when
handling policies. An attacker could possibly use this issue to cause
a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-36085)

It was discovered that libsepol incorrectly handled memory when
handling policies. An attacker could possibly use this issue to cause
a crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affects Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-36086)

It was discovered that libsepol incorrectly validated certain data,
leading to a heap overflow. An attacker could possibly use this issue
to cause a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-36087)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
   libsepol1                       3.1-1ubuntu2.1
   sepol-utils                     3.1-1ubuntu2.1

Ubuntu 20.04 LTS:
   libsepol1                       3.0-1ubuntu0.1
   sepol-utils                     3.0-1ubuntu0.1

Ubuntu 18.04 LTS:
   libsepol1                       2.7-1ubuntu0.1
   sepol-utils                     2.7-1ubuntu0.1

Ubuntu 16.04 ESM:
   libsepol1                       2.4-2ubuntu0.1~esm1
   sepol-utils                     2.4-2ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-5391-1
   CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087

Package Information:
   https://launchpad.net/ubuntu/+source/libsepol/3.1-1ubuntu2.1
   https://launchpad.net/ubuntu/+source/libsepol/3.0-1ubuntu0.1
   https://launchpad.net/ubuntu/+source/libsepol/2.7-1ubuntu0.1

Ubuntu 5391-1: libsepol vulnerabilities

April 27, 2022
Several security issues were fixed in libsepol.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM Summary: Several security issues were fixed in libsepol. Software Description: - libsepol: SELinux library for manipulating binary security policies Details: Nicolas Iooss discovered that libsepol incorrectly handled memory when handling policies. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-36084) It was discovered that libsepol incorrectly handled memory when handling policies. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-36085) It was discovered that libsepol incorrectly handled memory when handling policies. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affects Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-36086) It was discovered that libsepol incorrectly validated certain data, leading to a heap overflow. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-36087)

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10:   libsepol1                       3.1-1ubuntu2.1   sepol-utils                     3.1-1ubuntu2.1 Ubuntu 20.04 LTS:   libsepol1                       3.0-1ubuntu0.1   sepol-utils                     3.0-1ubuntu0.1 Ubuntu 18.04 LTS:   libsepol1                       2.7-1ubuntu0.1   sepol-utils                     2.7-1ubuntu0.1 Ubuntu 16.04 ESM:   libsepol1                       2.4-2ubuntu0.1~esm1   sepol-utils                     2.4-2ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-5391-1

  CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087

Severity
Ubuntu Security Notice USN-5391-1

Package Information

  https://launchpad.net/ubuntu/+source/libsepol/3.1-1ubuntu2.1   https://launchpad.net/ubuntu/+source/libsepol/3.0-1ubuntu0.1   https://launchpad.net/ubuntu/+source/libsepol/2.7-1ubuntu0.1

Related News

Important Linux Kernel DoS, Code Execution Bugs Fixed

Important Fix for c-ares DoS Bug Released

Linux Kernel DoS, Info Disclosure Bugs Fixed

The Secure Programmable Router Project Puts Your Network Back Under Your Control with a Raspberry Pi

News

Advisories

HOWTOs

Features

Linux Container Security Primer
Email Phishing Using Kali Linux
Is Linux A More Secure Option Than Windows For Businesses?
How Secure Is Linux?
How To Secure Against WordPress Vulnerabilities with Predictive Analysis Detection & Automated Remediation

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy