Download
| Alert*
oval:org.secpod.oval:def:704532
policycoreutils is installed oval:org.secpod.oval:def:501258 policycoreutils is installed oval:org.secpod.oval:def:89044887 This update for policycoreutils fixes the following issues: * CVE-2016-7545: nonpriv session can escape to parent [bsc#1000998] oval:org.secpod.oval:def:204144 The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: * It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use thi ... oval:org.secpod.oval:def:89044581 This update for policycoreutils fixes the following issues: * CVE-2016-7545: nonpriv session can escape to parent [bsc#1000998] oval:org.secpod.oval:def:89002332 This update for policycoreutils fixes the following issues: - CVE-2018-1063: Prevent chcon from following symlinks in /tmp, /var/tmp, /var/run and /var/lib/debug . oval:org.secpod.oval:def:204784 The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: * policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp change the context of their target instead For more details about the security issue, including the impact, a ... oval:org.secpod.oval:def:500230 The policycoreutils packages contain the core utilities that are required for the basic operation of a Security-Enhanced Linux system and its policies. It was discovered that the seunshare utility did not enforce proper file permissions on the directory used as an alternate temporary directory moun ... oval:org.secpod.oval:def:1503601 Updated policycoreutils packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is a ... oval:org.secpod.oval:def:204040 The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: * It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use thi ... oval:org.secpod.oval:def:1600470 It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent bash, escaping the sandbox. oval:org.secpod.oval:def:37411 The host is installed with policycoreutils on RHEL 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle characters pushed into the terminal's input buffer. Successful exploitation could allow an attacker to escape the sandbox. oval:org.secpod.oval:def:1900478 SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. oval:org.secpod.oval:def:501934 The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: * It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use thi ... oval:org.secpod.oval:def:1501665 The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: * It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use thi ... oval:org.secpod.oval:def:1501667 The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: * It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use thi ... oval:org.secpod.oval:def:502260 The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: * policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp change the context of their target instead For more details about the security issue, including the impact, a ... oval:org.secpod.oval:def:1502172 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1901929 Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state fro ... oval:org.secpod.oval:def:2000610 Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state fro ... oval:org.secpod.oval:def:1700078 Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state fro ... |