libsepol-2.9-3.el8
エラータID: AXSA:2021-2596:02
The libsepol library provides an API for the manipulation of SELinux binary policies. It is used by checkpolicy (the policy compiler) and similar tools, as well as by programs like load_policy that need to perform specific transformations on binary policies (for example, customizing policy boolean settings).
Security Fix(es):
* libsepol: use-after-free in __cil_verify_classperms() (CVE-2021-36084)
* libsepol: use-after-free in __cil_verify_classperms() (CVE-2021-36085)
* libsepol: use-after-free in cil_reset_classpermission() (CVE-2021-36086)
* libsepol: heap-based buffer overflow in ebitmap_match_any() (CVE-2021-36087)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2021-36084
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).
CVE-2021-36085
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).
CVE-2021-36086
The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).
CVE-2021-36087
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.
Update packages.
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).
The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.
N/A
SRPMS
- libsepol-2.9-3.el8.src.rpm
MD5: 4c5792df8813274cdcb5d3c656cc61b0
SHA-256: 2242a97a819cd4d2ee4c18da31f140a02bf070c294af77bc5dab88d005cbc396
Size: 548.32 kB
Asianux Server 8 for x86_64
- libsepol-2.9-3.el8.x86_64.rpm
MD5: b3f4f38a1dde694564a20c7691f5fbd4
SHA-256: dd990c52fcc7f21e0eb974b68711618caf777995de02f07e1516a3dd60b29bae
Size: 338.83 kB - libsepol-devel-2.9-3.el8.x86_64.rpm
MD5: f19fa50981df608915dc2dafaa22ad76
SHA-256: 1fb4347015ae968333c50441b636c049f1d0d4c77dddcfb3e5142aa538c5073b
Size: 85.89 kB - libsepol-static-2.9-3.el8.x86_64.rpm
MD5: e734ae085bb783ca440aa5cb9da48947
SHA-256: cd317a60b4f3dfbe881dbb1bda9e66a7b1e24f4b76572286a898d3637b7d1edc
Size: 417.39 kB - libsepol-2.9-3.el8.i686.rpm
MD5: 9e47e7a2b49b9b198114e0463f3cb402
SHA-256: f69908d91614d1bf936f1b4a6a337ea1ea11ef205bdaeb09f6d2acecc6a7e92d
Size: 365.21 kB - libsepol-devel-2.9-3.el8.i686.rpm
MD5: f089473c912ad8e3a091ad32c48d1dd7
SHA-256: 3e8d94029fe2a6f67602cb94c265350ca8b79a173d2dd2a3302c9144053262e9
Size: 85.91 kB - libsepol-static-2.9-3.el8.i686.rpm
MD5: 0967f8d7fefa094c05ac1928bb48c107
SHA-256: 6ae71e49cc4bc803130cc7cd937776168d7cb5a28842eddf65975bac255e04d1
Size: 457.35 kB