Red Hat Product Errata RHBA-2012:0158 - Bug Fix Advisory

Issued:: 2012-02-20
Updated:: 2012-02-20

RHBA-2012:0158 - Bug Fix Advisory

Overview
Updated Packages

Synopsis

selinux-policy bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Topic

Updated selinux-policy packages that fix a number of bugs and add various
enhancements are now available for Red Hat Enterprise Linux 5.

Description

The selinux-policy packages contain the rules that govern how confined processes
run in the system.

These updated selinux-policy packages include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this advisory.
Users are directed to the Red Hat Enterprise Linux 5.8 Technical Notes for
information on the most significant of these changes:

https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.8_Technical_Notes/selinux-policy.html#RHBA-2012-0158

All users of SELinux are advised to upgrade to these updated packages, which
provide numerous bug fixes and enhancements.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 693149 - wpa_cli fails to connect to running wpa_supplicant due to selinux
BZ - 709370 - enforcing MLS: mcelog AVC appears
BZ - 715285 - avc: denied { sys_tty_config } for ... comm="sa1" ... scontext=root:system_r:sysstat_t:s0 tcontext=root:system_r:sysstat_t:s0 ...
BZ - 716927 - enforcing MLS: avahi-browse blocked by SELinux
BZ - 716956 - MLS avc: denied { getattr } for ... comm="crond" path="/etc/krb5.conf" ... scontext=system_u:system_r:crond_t:s0-s15:c0.c1023 tcontext=system_u:object_r:krb5_conf_t:s0 tclass=file
BZ - 717152 - enforcing MLS: smartd is blocked by SELinux
BZ - 718219 - RFE: let postfix use dkim-milter
BZ - 719732 - [RHEL5.7][SELinux] avc: denied { sys_module } for pid=3008 comm="irqbalance"
BZ - 720462 - Zarafa needs a SELinux treatment to work (currently works only in the permissive mode)
BZ - 721041 - smbd scanning /boot when responding to quota check request
BZ - 722536 - selinux policy does not permit rsyslog(-mysql) to access the mysql database
BZ - 722579 - SELinux prevents ricci from installing RPMs.
BZ - 724941 - [RFE] subscription-manager does not have it's own policy
BZ - 728957 - User managed fetchmail forbidden after selinux upgrade
BZ - 730294 - selinux preventing procmail to execute hostname command
BZ - 730962 - When using pam authentication in squid, AVC denial about netlink_audit_socket
BZ - 732732 - swat can't write to logs
BZ - 741670 - sh (dhcpc_t) is attempting to "execute" to ./iptables (iptables_exec_t)
BZ - 745139 - selinux policy restricts rsyslog clients from connecting to port 6514
BZ - 745175 - selinux prevents rsyslogd to access /usr/share/snmp/mibs/.index
BZ - 746351 - SELinux prevents ricci from starting/stopping & enabling/disabling services.
BZ - 752487 - Finger cannot connect to ldap server
BZ - 756066 - Failing cvs login causes avc denial on /var/run/utmp
BZ - 759499 - ntpd produces an AVC when started from firstboot GUI
BZ - 761485 - [SeLinux] selinux stop iscsi login in via bnx2i
BZ - 781477 - SELinux is preventing openvpn (openvpn_t) "sys_nice" to <Unknown> (openvpn_t)
BZ - 784307 - setroubleshootd needs to be allowed to execute rpm

CVEs

(none)

References

https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.8_Technical_Notes/selinux-policy.html#RHBA-2012-0158

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
selinux-policy-2.4.6-327.el5.src.rpm	SHA-256: 4b0aebee2481a83d71d27b6deb877325f9f04d5654c55d7a4bf06bbfa67341b5
x86_64
selinux-policy-2.4.6-327.el5.noarch.rpm	SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2
selinux-policy-devel-2.4.6-327.el5.noarch.rpm	SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm	SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718
selinux-policy-mls-2.4.6-327.el5.noarch.rpm	SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa
selinux-policy-strict-2.4.6-327.el5.noarch.rpm	SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm	SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8
ia64
selinux-policy-2.4.6-327.el5.noarch.rpm	SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2
selinux-policy-devel-2.4.6-327.el5.noarch.rpm	SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm	SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718
selinux-policy-mls-2.4.6-327.el5.noarch.rpm	SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa
selinux-policy-strict-2.4.6-327.el5.noarch.rpm	SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm	SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8
i386
selinux-policy-2.4.6-327.el5.noarch.rpm	SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2
selinux-policy-devel-2.4.6-327.el5.noarch.rpm	SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm	SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718
selinux-policy-mls-2.4.6-327.el5.noarch.rpm	SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa
selinux-policy-strict-2.4.6-327.el5.noarch.rpm	SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm	SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8

Red Hat Enterprise Linux Workstation 5

SRPM
selinux-policy-2.4.6-327.el5.src.rpm	SHA-256: 4b0aebee2481a83d71d27b6deb877325f9f04d5654c55d7a4bf06bbfa67341b5
x86_64
selinux-policy-2.4.6-327.el5.noarch.rpm	SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2
selinux-policy-devel-2.4.6-327.el5.noarch.rpm	SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm	SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718
selinux-policy-mls-2.4.6-327.el5.noarch.rpm	SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa
selinux-policy-strict-2.4.6-327.el5.noarch.rpm	SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm	SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8
i386
selinux-policy-2.4.6-327.el5.noarch.rpm	SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2
selinux-policy-devel-2.4.6-327.el5.noarch.rpm	SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm	SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718
selinux-policy-mls-2.4.6-327.el5.noarch.rpm	SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa
selinux-policy-strict-2.4.6-327.el5.noarch.rpm	SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm	SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8

Red Hat Enterprise Linux Desktop 5

SRPM
selinux-policy-2.4.6-327.el5.src.rpm	SHA-256: 4b0aebee2481a83d71d27b6deb877325f9f04d5654c55d7a4bf06bbfa67341b5
x86_64
selinux-policy-2.4.6-327.el5.noarch.rpm	SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2
selinux-policy-devel-2.4.6-327.el5.noarch.rpm	SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm	SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718
selinux-policy-mls-2.4.6-327.el5.noarch.rpm	SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa
selinux-policy-strict-2.4.6-327.el5.noarch.rpm	SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm	SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8
i386
selinux-policy-2.4.6-327.el5.noarch.rpm	SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2
selinux-policy-devel-2.4.6-327.el5.noarch.rpm	SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm	SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718
selinux-policy-mls-2.4.6-327.el5.noarch.rpm	SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa
selinux-policy-strict-2.4.6-327.el5.noarch.rpm	SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm	SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
selinux-policy-2.4.6-327.el5.src.rpm	SHA-256: 4b0aebee2481a83d71d27b6deb877325f9f04d5654c55d7a4bf06bbfa67341b5
s390x
selinux-policy-2.4.6-327.el5.noarch.rpm	SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2
selinux-policy-devel-2.4.6-327.el5.noarch.rpm	SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm	SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718
selinux-policy-mls-2.4.6-327.el5.noarch.rpm	SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa
selinux-policy-strict-2.4.6-327.el5.noarch.rpm	SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm	SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8

Red Hat Enterprise Linux for Power, big endian 5

SRPM
selinux-policy-2.4.6-327.el5.src.rpm	SHA-256: 4b0aebee2481a83d71d27b6deb877325f9f04d5654c55d7a4bf06bbfa67341b5
ppc
selinux-policy-2.4.6-327.el5.noarch.rpm	SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2
selinux-policy-devel-2.4.6-327.el5.noarch.rpm	SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm	SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718
selinux-policy-mls-2.4.6-327.el5.noarch.rpm	SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa
selinux-policy-strict-2.4.6-327.el5.noarch.rpm	SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm	SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8

Red Hat Enterprise Linux Server from RHUI 5

SRPM
selinux-policy-2.4.6-327.el5.src.rpm	SHA-256: 4b0aebee2481a83d71d27b6deb877325f9f04d5654c55d7a4bf06bbfa67341b5
x86_64
selinux-policy-2.4.6-327.el5.noarch.rpm	SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2
selinux-policy-devel-2.4.6-327.el5.noarch.rpm	SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm	SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718
selinux-policy-mls-2.4.6-327.el5.noarch.rpm	SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa
selinux-policy-strict-2.4.6-327.el5.noarch.rpm	SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm	SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8
i386
selinux-policy-2.4.6-327.el5.noarch.rpm	SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2
selinux-policy-devel-2.4.6-327.el5.noarch.rpm	SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm	SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718
selinux-policy-mls-2.4.6-327.el5.noarch.rpm	SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa
selinux-policy-strict-2.4.6-327.el5.noarch.rpm	SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm	SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories