setroubleshoot-plugins-3.0.40-3.1.0.1.AXS4, setroubleshoot-3.0.47-12.0.1.AXS4
Errata ID: AXSA:2016-543:01
Release date:
2016/07/08 Friday - 11:47
Title:
setroubleshoot-plugins-3.0.40-3.1.0.1.AXS4, setroubleshoot-3.0.47-12.0.1.AXS4
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
[Fixes]
The following items have been addressed.
[Security Fix]
- Information on CVE-2016-4444, CVE-2016-4445, CVE-2016-4446, and CVE-2016-4989 has not been published at this time. This advisory will be updated as soon as the CVE information is published.
Some CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2016-4444
The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.
CVE-2016-4445
The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.
CVE-2016-4446
The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.
CVE-2016-4989
setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445.
Additional information:
N/A
Download:
SRPMS
- setroubleshoot-plugins-3.0.40-3.1.0.1.AXS4.src.rpm
MD5: c39627d9f1943bb7161df46c60a7effb
SHA-256: 62ab7de45fe0c3b2af1ac8fca3a4cd0e271fb919fee1e1cda88312af03d3efe8
Size: 2.02 MB
- setroubleshoot-3.0.47-12.0.1.AXS4.src.rpm
MD5: 2dd89b9c710cfb7fa86c2d6483b8996d
SHA-256: 7f13c4671518a71a956cd4f48407df84f94d22591028576fee895740063c2061
Size: 1.52 MB
Asianux Server 4 for x86
- setroubleshoot-plugins-3.0.40-3.1.0.1.AXS4.noarch.rpm
MD5: 8cbdc64c0be18b5a6638f6029a894a2d
SHA-256: 71fa35b1e16edc46e6764d2f24069977972622ab1b3db6f8534112731c85d918
Size: 505.59 kB
- setroubleshoot-3.0.47-12.0.1.AXS4.i686.rpm
MD5: d2b37f1aa0907762da608ddcf8a8caab
SHA-256: 8bc7063bf2c5cc0dba364358194ee96d7f0e3b5a39adea1b0e9ef077e5467737
Size: 118.28 kB
- setroubleshoot-server-3.0.47-12.0.1.AXS4.i686.rpm
MD5: 6186a39dd6b458a2f33160e5cb37fc4f
SHA-256: e606ab3f2824cab6c029765347b90a94d1a5a8d9b21e0d011ad3de2211682938
Size: 1.29 MB
Asianux Server 4 for x86_64
- setroubleshoot-plugins-3.0.40-3.1.0.1.AXS4.noarch.rpm
MD5: b2186e2e625a4f493d2c9fcf74f1f266
SHA-256: ba49916e58827871f325ad9819eaf9694c06fcd4941919b517424139f1e6ecd4
Size: 505.16 kB
- setroubleshoot-3.0.47-12.0.1.AXS4.x86_64.rpm
MD5: 3b5c0047c6b58f35fed7a5b961cc3e40
SHA-256: 7aee797d9a2bbf29c5db5355e86d4d5d2efd29e25fb2d36c06ae065b5b8915de
Size: 118.29 kB
- setroubleshoot-server-3.0.47-12.0.1.AXS4.x86_64.rpm
MD5: aa8c7d4284830ba6e4c12975fb772804
SHA-256: 590675e05b6cc5548c8a73438fd0ab97fb9ed6085f375027f34d4c30f4a4a3a2
Size: 1.29 MB