|
|
Subscribe / Log in / New account

Debian-LTS alert DLA-638-1 (policycoreutils)



From:
    	      Chris Lamb <lamby@debian.org> 


To:
    	      debian-lts-announce@lists.debian.org 


Subject:
    	      [SECURITY] [DLA 638-1] policycoreutils security update 


Date:
    	      Sun, 25 Sep 2016 17:05:23 +0100


Message-ID:
    	      <1474819523.1383430.736404569.1B6F0650@webmail.messagingengine.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : policycoreutils
Version        : 2.1.10-9+deb7u1
CVE ID         : CVE-2016-7545
Debian Bug     : 838599

It was discovered that there was a sandbox escape via the "TIOCSTI" ioctl in
policycoreutils, a set of programs required for the basic operation of an
SELinux-based system.

For Debian 7 "Wheezy", this issue has been fixed in policycoreutils version
2.1.10-9+deb7u1.

We recommend that you upgrade your policycoreutils packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJX5/W7AAoJEB6VPifUMR5Yf10P+gNNJ/WfqJKmpRtFVj+GPtQ8
9oc1rMj5wr66b+Q17UBIhHFfNrhE1ciMLD5NjVRnmA23RUYK3GiBQp/dCV8nsvbc
hBWGUY/PiUZ3DOI24bpIfjPDXK2q9bHd6AJiRI6iTbL80rCRX6+634VLrsFXsLbC
O1W/kkHKVeAK3CHcdcbvUGFm7vy8MisumfgyyLY97XsEWO3tZpkNZgTUQYkXFiur
9Lv406ru/1Fqry++OsSmV5yWUEhRnWCFxDPFKAh0Jpmyoj73Csxto6NN3frzlHvn
a6lJoJzqC+W1neGaBpDihiZnwHuxDkhTyAy35nNM+kaAelVpl/a+wXqsORLZjjmD
rddjm9FVf2sRm32I1QP329AE7UCGTJbP08d9T0ciRO+L0s3D1FYDUkBKknnqdxNS
Ldx9LfxtAI01RZmkKuWv00QNxuyhPB/nO/NNnSfU9wmyC7LOHwNFnT8ijG07qGzX
ke2cGWtxDO9af4JM3fJ2yXh2L3d430lrZF1H7SzvB11ih7OZ1tzTJ7HXZESS+S3f
GDS6bvAVuVcqXUYzOOwbTH3jAZsr5P/hLIiG98fkIlaqqFK8g1dsLG4MvNLOoFWw
FCoZjDO21RI2lYPYf01GRKG+Fkd200BqskMVa121ygPI6SRUdymv9lcdpkqmb8WB
Un632v3TVE3djOdD9LCx
=PCgN
-----END PGP SIGNATURE-----
(Log in to post comments)


Copyright © 2024, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds