ELSA-2016-1267

Опубликовано: 21 июн. 2016

Источник: oracle-oval

Платформа: Oracle Linux 6

Описание

ELSA-2016-1267: setroubleshoot and setroubleshoot-plugins security update (IMPORTANT)

setroubleshoot [3.0.47-12.0.1]

Add setroubleshoot-oracle-enterprise.patch to change bug reporting URL to linux.oracle.com

[3.0.47-12]

Don't use command.get*output() Resolves: CVE-2016-4445

setroubleshoot-plugins [3.0.40-3.1.0.1]

Add setroubleshoot-plugins-oracle-enterprise.patch

[3.0.40-3.1]

Don't use commands.get*output() Resolves: CVE-2016-4444, CVE-2016-4446

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

setroubleshoot

3.0.47-12.0.1.el6_8

setroubleshoot-doc

3.0.47-12.0.1.el6_8

setroubleshoot-plugins

3.0.40-3.1.0.1.el6_8

setroubleshoot-server

3.0.47-12.0.1.el6_8

Oracle Linux i686

setroubleshoot

3.0.47-12.0.1.el6_8

setroubleshoot-doc

3.0.47-12.0.1.el6_8

setroubleshoot-plugins

3.0.40-3.1.0.1.el6_8

setroubleshoot-server

3.0.47-12.0.1.el6_8

Oracle Linux sparc64

setroubleshoot

3.0.47-12.0.1.el6_8

setroubleshoot-doc

3.0.47-12.0.1.el6_8

setroubleshoot-plugins

3.0.40-3.1.0.1.el6_8

setroubleshoot-server

3.0.47-12.0.1.el6_8

Связанные CVE

Ссылки на источники

Связанные уязвимости

ELSA-2016-1293

oracle-oval

около 9 лет назад

ELSA-2016-1293: setroubleshoot and setroubleshoot-plugins security update (IMPORTANT)

CVE-2016-4445

redhat

около 9 лет назад

The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.

CVE-2016-4445

CVSS3: 7

nvd

больше 8 лет назад

GHSA-3wff-jp8x-6p8q

CVSS3: 7

github

больше 3 лет назад

CVE-2016-4444

redhat

около 9 лет назад

The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.