Описание
Security update for policycoreutils
This update for policycoreutils fixes the following issues:
- CVE-2018-1063: Fixed problem to prevent chcon from following symlinks in /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624).
Список пакетов
SUSE Linux Enterprise Server 12 SP2
policycoreutils-2.5-10.3.1
policycoreutils-python-2.5-10.3.1
SUSE Linux Enterprise Server 12 SP3
policycoreutils-2.5-10.3.1
policycoreutils-python-2.5-10.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
policycoreutils-2.5-10.3.1
policycoreutils-python-2.5-10.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
policycoreutils-2.5-10.3.1
policycoreutils-python-2.5-10.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
policycoreutils-2.5-10.3.1
policycoreutils-python-2.5-10.3.1
Ссылки
- Link for SUSE-SU-2018:0926-1
- E-Mail link for SUSE-SU-2018:0926-1
- SUSE Security Ratings
- SUSE Bug 1083624
- SUSE CVE CVE-2018-1063 page
Описание
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2:policycoreutils-2.5-10.3.1
SUSE Linux Enterprise Server 12 SP2:policycoreutils-python-2.5-10.3.1
SUSE Linux Enterprise Server 12 SP3:policycoreutils-2.5-10.3.1
SUSE Linux Enterprise Server 12 SP3:policycoreutils-python-2.5-10.3.1
Ссылки
- CVE-2018-1063
- SUSE Bug 1083624