policycoreutils-2.5-22.el7
エラータID: AXSA:2018-2922:01
リリース日:
2018/04/18 Wednesday - 11:50
題名:
policycoreutils-2.5-22.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Low
Description:
以下項目について対処しました。
[Security Fix]
- ファイルシステムのコンテキストの再ラベル付けにシンボリックリンク攻撃
の問題があり,ローカルの権限のない悪意のあるエンティティが任意のファ
イルの SELinux のコンテキストを制限の少ないコンテキストに変更する脆弱
性があります。(CVE-2018-1063)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2018-1063
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.
追加情報:
N/A
ダウンロード:
SRPMS
- policycoreutils-2.5-22.el7.src.rpm
MD5: cf98317fb17bfe05bcd4efd8d74b420f
SHA-256: ba875186ba333d1d4c8372b4a5c966a91aaf3c0f3a3d119650401d1f5b5f291a
Size: 8.66 MB
Asianux Server 7 for x86_64
- policycoreutils-2.5-22.el7.x86_64.rpm
MD5: 3a7a125e6181d0c324839ad1c943129f
SHA-256: 607af357aa34c4cbd69e6d49387b8ea62589f821a00e12a75ceb535bc8e989b1
Size: 865.76 kB - policycoreutils-devel-2.5-22.el7.x86_64.rpm
MD5: 2ce3c39e17580017c03103f8cf6e9ff9
SHA-256: 1bf4a1b9debd8501378ef25e59751b2c980e336664dedd9940e350b88cb85a2e
Size: 331.86 kB - policycoreutils-gui-2.5-22.el7.x86_64.rpm
MD5: 748f28de6f06eec83c865b02c0d162e1
SHA-256: 96c7936958c9be4a5f4c6f4ee9d948718bb8cd69f598559ee9386623eb1fc82a
Size: 1.70 MB - policycoreutils-newrole-2.5-22.el7.x86_64.rpm
MD5: 8149de4aa8594190bf16308f9d36da24
SHA-256: 5e5837c98884ad9abef927f81ed1cadbf40461144e12f4159eee752d232f299f
Size: 168.47 kB - policycoreutils-python-2.5-22.el7.x86_64.rpm
MD5: c4e37179db4dd58bb31266e785ea1c52
SHA-256: f12e38284080b8f3080879ff4d045c057bdaf1c575a9e9ae5d1fc6cf3cd10b73
Size: 453.17 kB - policycoreutils-sandbox-2.5-22.el7.x86_64.rpm
MD5: aa3cc00fe8cbee741a20885386a1ba6e
SHA-256: c215574caf183b87179ded2794dd747877a668bc843e3885377db2474fad75a6
Size: 168.54 kB - policycoreutils-devel-2.5-22.el7.i686.rpm
MD5: 38959007053d0bfd78a990d0955a5774
SHA-256: 7bdbb1d8ffebf3243460b589ff03c9c7ddb249e4221c2feda45335517199e562
Size: 326.18 kB