Red Hat Product Errata RHBA-2020:5242 - Bug Fix Advisory

Issued:: 2020-11-30
Updated:: 2020-11-30

RHBA-2020:5242 - Bug Fix Advisory

Overview
Updated Packages

Synopsis

fapolicyd bug fix update

Type/Severity

Bug Fix Advisory

Topic

An update for fapolicyd is now available for Red Hat Enterprise Linux 8.

Description

The fapolicyd software framework introduces a form of application whitelisting and blacklisting based on a user-defined policy. The application whitelisting feature provides one of the most efficient ways to prevent running untrusted and possibly malicious applications on the system.

Bug Fix:

When an update replaces the binary of a running application, the kernel modifies the application binary path in memory by appending the " (deleted)" suffix. Previously, the fapolicyd file access policy daemon treated such applications as untrusted, and prevented them from opening and executing any other files. As a consequence, the system was sometimes unable to boot after applying updates.

With this update, fapolicyd ignores the suffix in the binary path so the binary can match the trust database. As a result, fapolicyd enforces the rules correctly and the update process can finish.

(BZ#1897090)

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

BZ - 1897090 - fapolicyd breaks system upgrade, leaving system in dead state - complete fix [rhel-8.3.0.z]

CVEs

(none)

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
fapolicyd-1.0-3.el8_3.3.src.rpm	SHA-256: 55bd91045d220febd6d51fa35acd59f7a445d829ba24d279711cf03c18d9ff1b
x86_64
fapolicyd-1.0-3.el8_3.3.x86_64.rpm	SHA-256: 608a0b429d82a8afe9f47aebdb5dc2f62e3258801d5d7a15148a326ec3482a2d
fapolicyd-debuginfo-1.0-3.el8_3.3.x86_64.rpm	SHA-256: da792f53950c657bb63db3ad4c5540b8bc4891a7503d1d8c36b87fdbc82e4f85
fapolicyd-debugsource-1.0-3.el8_3.3.x86_64.rpm	SHA-256: 17ad6314ec2986809fe20f35775238a2119b868f59270f568ddbc8498c9fc996
fapolicyd-selinux-1.0-3.el8_3.3.noarch.rpm	SHA-256: 69ca74eabf5323196da08ee61f5d9d53cbfd72031bdb714dfb39dac090a5cff3

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
fapolicyd-1.0-3.el8_3.3.src.rpm	SHA-256: 55bd91045d220febd6d51fa35acd59f7a445d829ba24d279711cf03c18d9ff1b
s390x
fapolicyd-1.0-3.el8_3.3.s390x.rpm	SHA-256: 7debf58face8074bb14e9602914b50c9c7e0b8cb83012119821c54c489f110e5
fapolicyd-debuginfo-1.0-3.el8_3.3.s390x.rpm	SHA-256: 0ca11a0e86fffb9cfc77e49700af7579359bfae1e1e96ce22c202dc4802ddf40
fapolicyd-debugsource-1.0-3.el8_3.3.s390x.rpm	SHA-256: 344732756fdeb7e6cbaeed1ac5a33dd4931cee6bea74921350f1b5f804fef3f6
fapolicyd-selinux-1.0-3.el8_3.3.noarch.rpm	SHA-256: 69ca74eabf5323196da08ee61f5d9d53cbfd72031bdb714dfb39dac090a5cff3

Red Hat Enterprise Linux for Power, little endian 8

SRPM
fapolicyd-1.0-3.el8_3.3.src.rpm	SHA-256: 55bd91045d220febd6d51fa35acd59f7a445d829ba24d279711cf03c18d9ff1b
ppc64le
fapolicyd-1.0-3.el8_3.3.ppc64le.rpm	SHA-256: cf144d13a23f99c29b6e22339f14b8a1af7a4f32a54e63342b3b4fe8e7b2f083
fapolicyd-debuginfo-1.0-3.el8_3.3.ppc64le.rpm	SHA-256: d26c2ab8b9ae9c0b543de3606c9f93bc39eb92a5d4060e7897c5a5a7597a2581
fapolicyd-debugsource-1.0-3.el8_3.3.ppc64le.rpm	SHA-256: f29fbfe0f5a1b156ce4da73663f4a688171a57b386184a5c6eacd8e6802e01d4
fapolicyd-selinux-1.0-3.el8_3.3.noarch.rpm	SHA-256: 69ca74eabf5323196da08ee61f5d9d53cbfd72031bdb714dfb39dac090a5cff3

Red Hat Enterprise Linux for ARM 64 8

SRPM
fapolicyd-1.0-3.el8_3.3.src.rpm	SHA-256: 55bd91045d220febd6d51fa35acd59f7a445d829ba24d279711cf03c18d9ff1b
aarch64
fapolicyd-1.0-3.el8_3.3.aarch64.rpm	SHA-256: 7524ae70da5d7df65797171b4d7b0186b59eee698a9c4b5c45970f36930275ef
fapolicyd-debuginfo-1.0-3.el8_3.3.aarch64.rpm	SHA-256: 5fe7f279c343b167ce0dd2844f58fbc2781f7072766a7eb69fdb090e73ed62c4
fapolicyd-debugsource-1.0-3.el8_3.3.aarch64.rpm	SHA-256: 0b1955b86e57c8635a4ac77a258f7b1da55cd003fc54c21fa79a067f527314aa
fapolicyd-selinux-1.0-3.el8_3.3.noarch.rpm	SHA-256: 69ca74eabf5323196da08ee61f5d9d53cbfd72031bdb714dfb39dac090a5cff3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories