Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2022-1898

Опубликовано: 17 мая 2022
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2022-1898: fapolicyd security, bug fix, and enhancement update (MODERATE)

[1.1-6.0.1]

  • Increase db_max_size to 100M

[1.1-6]

  • CVE-2022-1117 fapolicyd: fapolicyd wrongly prepares ld.so path Resolves: rhbz#2069120

[1.1-4] RHEL 8.6.0 ERRATUM

  • fapolicyd denies access to /usr/lib64/ld-2.28.so Resolves: rhbz#2066300

[1.1-1] RHEL 8.6.0 ERRATUM

  • rebase to 1.1 Resolves: rhbz#1939379
  • introduce rules.d feature Resolves: rhbz#2054741
  • remove pretrans scriptlet Resolves: rhbz#2051485

[1.0.4-2] RHEL 8.6.0 ERRATUM

  • rebase to 1.0.4
  • added rpm_sha256_only option
  • added trust.d directory
  • allow file names with whitespace in trust files
  • use full paths in trust files Resolves: rhbz#1939379
  • fix libc.so getting identified as application/x-executable Resolves: rhbz#1989272
  • fix fapolicyd-dnf-plugin reporting as '' Resolves: rhbz#1997414
  • fix selinux DSP module definition in spec file Resolves: rhbz#2014445

[1.0.2-7]

  • fapolicyd abnormally exits by executing sosreport
  • fixed multiple problems with unlink()
  • fapolicyd breaks system upgrade, leaving system in dead state - complete fix Resolves: rhbz#1943251

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

fapolicyd

1.1-6.0.1.el8

fapolicyd-selinux

1.1-6.0.1.el8

Oracle Linux x86_64

fapolicyd

1.1-6.0.1.el8

fapolicyd-selinux

1.1-6.0.1.el8

Связанные CVE

CVE-2022-1117

Ссылки на источники

Связанные уязвимости

redhat логотип

CVE-2022-1117

CVSS3: 8.4
redhat
почти 4 года назад

A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution.

nvd логотип

CVE-2022-1117

CVSS3: 8.4
nvd
больше 3 лет назад

A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution.

msrc логотип

CVE-2022-1117

CVSS3: 8.4
msrc
больше 3 лет назад

A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution.

rocky логотип

RLSA-2022:1898

rocky
больше 3 лет назад

Moderate: fapolicyd security, bug fix, and enhancement update

github логотип

GHSA-8m6j-c7jr-pc5f

CVSS3: 8.4
github
больше 3 лет назад

A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution.