Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

Ubuntu 21.10: USN-5391-1 Critical Libsepol Denial of Service Issue

ubuntu
Calendar Grey April 27, 2022
Dist Ubuntu Esm H88
A series of vulnerabilities in libsepol have been patched in Ubuntu via package updates, impacting various versions.
Several security issues were fixed in libsepol.

Summary

Several security issues were fixed in libsepol.

Software Description:

- libsepol: SELinux library for manipulating binary security policies

Details:

Nicolas Iooss discovered that libsepol incorrectly handled memory

when handling policies. An attacker could possibly use this issue

to cause a crash, resulting in a denial of service, or possibly

execute arbitrary code. (CVE-2021-36084)

It was discovered that libsepol incorrectly handled memory when

handling policies. An attacker could possibly use this issue to cause

a crash, resulting in a denial of service, or possibly execute

arbitrary code. (CVE-2021-36085)

It was discovered that libsepol incorrectly handled memory when

handling policies. An attacker could possibly use this issue to cause

a crash, resulting in a denial of service, or possibly execute

arbitrary code. This issue only affects Ubuntu 18.04 LTS,

Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-36086)

It was discovered that libsepol incorrectly...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
   libsepol1                       3.1-1ubuntu2.1
   sepol-utils                     3.1-1ubuntu2.1

Ubuntu 20.04 LTS:
   libsepol1                       3.0-1ubuntu0.1
   sepol-utils                     3.0-1ubuntu0.1

Ubuntu 18.04 LTS:
   libsepol1                       2.7-1ubuntu0.1
   sepol-utils                     2.7-1ubuntu0.1

Ubuntu 16.04 ESM:
   libsepol1                       2.4-2ubuntu0.1~esm1
   sepol-utils                     2.4-2ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References

    CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087

Severity
critical
Lowest
Low
Medium
High
Critical

April 27, 2022

Package Information

  https://launchpad.net/ubuntu/+source/libsepol/3.1-1ubuntu2.1
  https://launchpad.net/ubuntu/+source/libsepol/3.0-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/libsepol/2.7-1ubuntu0.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.