AXSA:2021-1453:03

リリース日: 
2021/02/12 Friday - 02:48
題名: 
fapolicyd-1.0-3.el8.4
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The fapolicyd software framework introduces a form of file access control based on a user-defined policy. The application file access control feature provides one of the most efficient ways to prevent running untrusted and possibly malicious applications on the system.

Bug Fix(es):

* When an update replaces the binary of a running application, the kernel modifies the application binary path in memory by appending the " (deleted)" suffix. Previously, the fapolicyd file access policy daemon treated such applications as untrusted, and prevented them from opening and executing any other files. As a consequence, the system was sometimes unable to boot after applying updates.

With this update, fapolicyd ignores the suffix in the binary path so the binary can match the trust database. As a result, fapolicyd enforces the rules correctly and the update process can finish.

* Adding DISA STIG during OS installation causes 'ipa-server-install' to fail

Note: Due to the high impact of the issue that can cause systems to become unable to boot, we are releasing the same fix again in a security erratum to ensure proper visibility to users who only install security updates. This fix has not been changed in any way since the original bug fix erratum. This erratum does not provide any security fixes.

解決策: 

Update packages.

追加情報: 

N/A

ダウンロード: 

SRPMS
  1. fapolicyd-1.0-3.el8.4.src.rpm
    MD5: c4f0ba0fc6d82735d8541e624058d4f0
    SHA-256: df409e55e69d3d8cce5db29bd5bede437f506e08d276658ad336ec16808ed0f4
    Size: 121.77 kB

Asianux Server 8 for x86_64
  1. fapolicyd-1.0-3.el8.4.x86_64.rpm
    MD5: b70e73964ff9e937f688151a61c5fc72
    SHA-256: e70959ebc59113c237a56642d80f2c8564b31735cbd309e25eb06304448d33a7
    Size: 98.93 kB
Copyright© 2007-2015 Asianux. All rights reserved.