ELSA-2016-2702 -- Oracle policycoreutilsID: oval:org.secpod.oval:def:1501665 | Date: (C)2016-11-16 (M)2023-12-20 |
Class: PATCH | Family: unix |
The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: * It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox