CESA-2016:2702 -- centos 7 policycoreutilsID: oval:org.secpod.oval:def:204144 | Date: (C)2017-03-03 (M)2022-10-10 |
Class: PATCH | Family: unix |
The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: * It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox