Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2016:1267 - Security Advisory
Issued:
2016-06-21
Updated:
2016-06-21

RHSA-2016:1267 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: setroubleshoot and setroubleshoot-plugins security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache (AVC) messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution.

The setroubleshoot-plugins package provides a set of analysis plugins for use with setroubleshoot. Each plugin has the capacity to analyze SELinux AVC data and system data to provide user friendly reports describing how to interpret SELinux AVC denials.

Security Fix(es):

  • Shell command injection flaws were found in the way the setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use these flaws to execute arbitrary code with root privileges. (CVE-2016-4445, CVE-2016-4989)
  • Shell command injection flaws were found in the way the setroubleshoot allow_execmod and allow_execstack plugins executed external commands. A local attacker able to trigger an execmod or execstack SELinux denial could use these flaws to execute arbitrary code with root privileges. (CVE-2016-4444, CVE-2016-4446)

The CVE-2016-4444 and CVE-2016-4446 issues were discovered by Milos Malik (Red Hat) and the CVE-2016-4445 and CVE-2016-4989 issues were discovered by Red Hat Product Security.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

  • BZ - 1332644 - CVE-2016-4444 setroubleshoot-plugins: insecure commands.getstatusoutput use in the allow_execmod plugin
  • BZ - 1339183 - CVE-2016-4445 setroubleshoot: insecure use of commands.getstatusoutput
  • BZ - 1339250 - CVE-2016-4446 setroubleshoot-plugins: insecure commands.getoutput use in the allow_execstack plugin
  • BZ - 1346461 - CVE-2016-4989 setroubleshoot: command injection issues

CVEs

  • CVE-2016-4444
  • CVE-2016-4445
  • CVE-2016-4446
  • CVE-2016-4989

References

  • http://www.redhat.com/security/updates/classification/#normal
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
setroubleshoot-3.0.47-12.el6_8.src.rpm SHA-256: 7d4610c37365fc08d34661a3b98547877065fdd0036eb9880ec72cca70790f53
setroubleshoot-plugins-3.0.40-3.1.el6_8.src.rpm SHA-256: c7c2bc41b4a19aaf91d11495af69c7875803ead8b9a055e7f83a726d4f641f4a
x86_64
setroubleshoot-3.0.47-12.el6_8.x86_64.rpm SHA-256: 0e4be110cee2f202491e1f954b18e2bd8ce8b452df1c0e82d9cbad6295deee37
setroubleshoot-debuginfo-3.0.47-12.el6_8.x86_64.rpm SHA-256: 50d70fdea8cc24611a3bf9f8354e18dbdfcb4b5d41f40dbb7b9369c34f232e02
setroubleshoot-debuginfo-3.0.47-12.el6_8.x86_64.rpm SHA-256: 50d70fdea8cc24611a3bf9f8354e18dbdfcb4b5d41f40dbb7b9369c34f232e02
setroubleshoot-doc-3.0.47-12.el6_8.x86_64.rpm SHA-256: 86badeea5a34cf43914fcb14cd5677c5ce0cb187d4fbeb4be496f20bf0c78588
setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm SHA-256: 4ebf992b0908335b03d2b6137e06b449f5b1a4c94daf592221a1333f98551542
setroubleshoot-server-3.0.47-12.el6_8.x86_64.rpm SHA-256: 8642756db89ac668bb5d8674dcec323251210ce723138a18587eb1f3f54b27b1
i386
setroubleshoot-3.0.47-12.el6_8.i686.rpm SHA-256: ebf70fd4d33c36b94d0f6c5efe4acecf656be9b29034a1f4d7ff99e4b68924e0
setroubleshoot-debuginfo-3.0.47-12.el6_8.i686.rpm SHA-256: fadfae016ef965cc3c14f9e80a7014fc0f46e8721fb558442378bd81ee9484b0
setroubleshoot-debuginfo-3.0.47-12.el6_8.i686.rpm SHA-256: fadfae016ef965cc3c14f9e80a7014fc0f46e8721fb558442378bd81ee9484b0
setroubleshoot-doc-3.0.47-12.el6_8.i686.rpm SHA-256: ccd4c80c07aaf5e7c22386f4512bb4ab183ac7a68bfd9d5843ba5a73f3f42f22
setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm SHA-256: 4ebf992b0908335b03d2b6137e06b449f5b1a4c94daf592221a1333f98551542
setroubleshoot-server-3.0.47-12.el6_8.i686.rpm SHA-256: f2bbb7b6ed651b3ab29f7f3581e248dd2115522eca97f24356bee16a73859108

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
setroubleshoot-3.0.47-12.el6_8.src.rpm SHA-256: 7d4610c37365fc08d34661a3b98547877065fdd0036eb9880ec72cca70790f53
setroubleshoot-plugins-3.0.40-3.1.el6_8.src.rpm SHA-256: c7c2bc41b4a19aaf91d11495af69c7875803ead8b9a055e7f83a726d4f641f4a
x86_64
setroubleshoot-3.0.47-12.el6_8.x86_64.rpm SHA-256: 0e4be110cee2f202491e1f954b18e2bd8ce8b452df1c0e82d9cbad6295deee37
setroubleshoot-debuginfo-3.0.47-12.el6_8.x86_64.rpm SHA-256: 50d70fdea8cc24611a3bf9f8354e18dbdfcb4b5d41f40dbb7b9369c34f232e02
setroubleshoot-debuginfo-3.0.47-12.el6_8.x86_64.rpm SHA-256: 50d70fdea8cc24611a3bf9f8354e18dbdfcb4b5d41f40dbb7b9369c34f232e02
setroubleshoot-doc-3.0.47-12.el6_8.x86_64.rpm SHA-256: 86badeea5a34cf43914fcb14cd5677c5ce0cb187d4fbeb4be496f20bf0c78588
setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm SHA-256: 4ebf992b0908335b03d2b6137e06b449f5b1a4c94daf592221a1333f98551542
setroubleshoot-server-3.0.47-12.el6_8.x86_64.rpm SHA-256: 8642756db89ac668bb5d8674dcec323251210ce723138a18587eb1f3f54b27b1
i386
setroubleshoot-3.0.47-12.el6_8.i686.rpm SHA-256: ebf70fd4d33c36b94d0f6c5efe4acecf656be9b29034a1f4d7ff99e4b68924e0
setroubleshoot-debuginfo-3.0.47-12.el6_8.i686.rpm SHA-256: fadfae016ef965cc3c14f9e80a7014fc0f46e8721fb558442378bd81ee9484b0
setroubleshoot-debuginfo-3.0.47-12.el6_8.i686.rpm SHA-256: fadfae016ef965cc3c14f9e80a7014fc0f46e8721fb558442378bd81ee9484b0
setroubleshoot-doc-3.0.47-12.el6_8.i686.rpm SHA-256: ccd4c80c07aaf5e7c22386f4512bb4ab183ac7a68bfd9d5843ba5a73f3f42f22
setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm SHA-256: 4ebf992b0908335b03d2b6137e06b449f5b1a4c94daf592221a1333f98551542
setroubleshoot-server-3.0.47-12.el6_8.i686.rpm SHA-256: f2bbb7b6ed651b3ab29f7f3581e248dd2115522eca97f24356bee16a73859108

Red Hat Enterprise Linux Workstation 6

SRPM
setroubleshoot-3.0.47-12.el6_8.src.rpm SHA-256: 7d4610c37365fc08d34661a3b98547877065fdd0036eb9880ec72cca70790f53
setroubleshoot-plugins-3.0.40-3.1.el6_8.src.rpm SHA-256: c7c2bc41b4a19aaf91d11495af69c7875803ead8b9a055e7f83a726d4f641f4a
x86_64
setroubleshoot-3.0.47-12.el6_8.x86_64.rpm SHA-256: 0e4be110cee2f202491e1f954b18e2bd8ce8b452df1c0e82d9cbad6295deee37
setroubleshoot-debuginfo-3.0.47-12.el6_8.x86_64.rpm SHA-256: 50d70fdea8cc24611a3bf9f8354e18dbdfcb4b5d41f40dbb7b9369c34f232e02
setroubleshoot-debuginfo-3.0.47-12.el6_8.x86_64.rpm SHA-256: 50d70fdea8cc24611a3bf9f8354e18dbdfcb4b5d41f40dbb7b9369c34f232e02
setroubleshoot-doc-3.0.47-12.el6_8.x86_64.rpm SHA-256: 86badeea5a34cf43914fcb14cd5677c5ce0cb187d4fbeb4be496f20bf0c78588
setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm SHA-256: 4ebf992b0908335b03d2b6137e06b449f5b1a4c94daf592221a1333f98551542
setroubleshoot-server-3.0.47-12.el6_8.x86_64.rpm SHA-256: 8642756db89ac668bb5d8674dcec323251210ce723138a18587eb1f3f54b27b1
i386
setroubleshoot-3.0.47-12.el6_8.i686.rpm SHA-256: ebf70fd4d33c36b94d0f6c5efe4acecf656be9b29034a1f4d7ff99e4b68924e0
setroubleshoot-debuginfo-3.0.47-12.el6_8.i686.rpm SHA-256: fadfae016ef965cc3c14f9e80a7014fc0f46e8721fb558442378bd81ee9484b0
setroubleshoot-debuginfo-3.0.47-12.el6_8.i686.rpm SHA-256: fadfae016ef965cc3c14f9e80a7014fc0f46e8721fb558442378bd81ee9484b0
setroubleshoot-doc-3.0.47-12.el6_8.i686.rpm SHA-256: ccd4c80c07aaf5e7c22386f4512bb4ab183ac7a68bfd9d5843ba5a73f3f42f22
setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm SHA-256: 4ebf992b0908335b03d2b6137e06b449f5b1a4c94daf592221a1333f98551542
setroubleshoot-server-3.0.47-12.el6_8.i686.rpm SHA-256: f2bbb7b6ed651b3ab29f7f3581e248dd2115522eca97f24356bee16a73859108

Red Hat Enterprise Linux Desktop 6

SRPM
setroubleshoot-3.0.47-12.el6_8.src.rpm SHA-256: 7d4610c37365fc08d34661a3b98547877065fdd0036eb9880ec72cca70790f53
setroubleshoot-plugins-3.0.40-3.1.el6_8.src.rpm SHA-256: c7c2bc41b4a19aaf91d11495af69c7875803ead8b9a055e7f83a726d4f641f4a
x86_64
setroubleshoot-3.0.47-12.el6_8.x86_64.rpm SHA-256: 0e4be110cee2f202491e1f954b18e2bd8ce8b452df1c0e82d9cbad6295deee37
setroubleshoot-debuginfo-3.0.47-12.el6_8.x86_64.rpm SHA-256: 50d70fdea8cc24611a3bf9f8354e18dbdfcb4b5d41f40dbb7b9369c34f232e02
setroubleshoot-debuginfo-3.0.47-12.el6_8.x86_64.rpm SHA-256: 50d70fdea8cc24611a3bf9f8354e18dbdfcb4b5d41f40dbb7b9369c34f232e02
setroubleshoot-doc-3.0.47-12.el6_8.x86_64.rpm SHA-256: 86badeea5a34cf43914fcb14cd5677c5ce0cb187d4fbeb4be496f20bf0c78588
setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm SHA-256: 4ebf992b0908335b03d2b6137e06b449f5b1a4c94daf592221a1333f98551542
setroubleshoot-server-3.0.47-12.el6_8.x86_64.rpm SHA-256: 8642756db89ac668bb5d8674dcec323251210ce723138a18587eb1f3f54b27b1
i386
setroubleshoot-3.0.47-12.el6_8.i686.rpm SHA-256: ebf70fd4d33c36b94d0f6c5efe4acecf656be9b29034a1f4d7ff99e4b68924e0
setroubleshoot-debuginfo-3.0.47-12.el6_8.i686.rpm SHA-256: fadfae016ef965cc3c14f9e80a7014fc0f46e8721fb558442378bd81ee9484b0
setroubleshoot-debuginfo-3.0.47-12.el6_8.i686.rpm SHA-256: fadfae016ef965cc3c14f9e80a7014fc0f46e8721fb558442378bd81ee9484b0
setroubleshoot-doc-3.0.47-12.el6_8.i686.rpm SHA-256: ccd4c80c07aaf5e7c22386f4512bb4ab183ac7a68bfd9d5843ba5a73f3f42f22
setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm SHA-256: 4ebf992b0908335b03d2b6137e06b449f5b1a4c94daf592221a1333f98551542
setroubleshoot-server-3.0.47-12.el6_8.i686.rpm SHA-256: f2bbb7b6ed651b3ab29f7f3581e248dd2115522eca97f24356bee16a73859108

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
setroubleshoot-3.0.47-12.el6_8.src.rpm SHA-256: 7d4610c37365fc08d34661a3b98547877065fdd0036eb9880ec72cca70790f53
setroubleshoot-plugins-3.0.40-3.1.el6_8.src.rpm SHA-256: c7c2bc41b4a19aaf91d11495af69c7875803ead8b9a055e7f83a726d4f641f4a
s390x
setroubleshoot-3.0.47-12.el6_8.s390x.rpm SHA-256: a4ce767f9030851d2d7c3d465804e022432132fcc2de01cd294040e5ad3537a2
setroubleshoot-debuginfo-3.0.47-12.el6_8.s390x.rpm SHA-256: 36988007cef500e86ec4566716fb541dbfb1c8ab16129626c74705b9677c20f0
setroubleshoot-debuginfo-3.0.47-12.el6_8.s390x.rpm SHA-256: 36988007cef500e86ec4566716fb541dbfb1c8ab16129626c74705b9677c20f0
setroubleshoot-doc-3.0.47-12.el6_8.s390x.rpm SHA-256: e5067f340b6e2215e7ac61d0fec2a0d0db29c737f339b3e4cd402b7fc6a0eee7
setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm SHA-256: 4ebf992b0908335b03d2b6137e06b449f5b1a4c94daf592221a1333f98551542
setroubleshoot-server-3.0.47-12.el6_8.s390x.rpm SHA-256: 8b4e769d0adb0052a94976bf5f030ac72c930ef1977acb5a94fb825c05abfba0

Red Hat Enterprise Linux for Power, big endian 6

SRPM
setroubleshoot-3.0.47-12.el6_8.src.rpm SHA-256: 7d4610c37365fc08d34661a3b98547877065fdd0036eb9880ec72cca70790f53
setroubleshoot-plugins-3.0.40-3.1.el6_8.src.rpm SHA-256: c7c2bc41b4a19aaf91d11495af69c7875803ead8b9a055e7f83a726d4f641f4a
ppc64
setroubleshoot-3.0.47-12.el6_8.ppc64.rpm SHA-256: 19aa936946bc7d6e2f7b259c8ce014f64731754f4781562b7f3fef37d871b085
setroubleshoot-debuginfo-3.0.47-12.el6_8.ppc64.rpm SHA-256: 1fd0508334f18b0e61b1e69125eb63ae7b7343716325cdf6222f045a1a4b093c
setroubleshoot-debuginfo-3.0.47-12.el6_8.ppc64.rpm SHA-256: 1fd0508334f18b0e61b1e69125eb63ae7b7343716325cdf6222f045a1a4b093c
setroubleshoot-doc-3.0.47-12.el6_8.ppc64.rpm SHA-256: feab92a13938ac88c82119b6e7435e56f5bb092abc36ed265e27c2438c956359
setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm SHA-256: 4ebf992b0908335b03d2b6137e06b449f5b1a4c94daf592221a1333f98551542
setroubleshoot-server-3.0.47-12.el6_8.ppc64.rpm SHA-256: 89476e5ac4712b7e7b782a5727e62fb8098d8acefefce33cdddaaecb0a2eb9be

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM
setroubleshoot-3.0.47-12.el6_8.src.rpm SHA-256: 7d4610c37365fc08d34661a3b98547877065fdd0036eb9880ec72cca70790f53
setroubleshoot-plugins-3.0.40-3.1.el6_8.src.rpm SHA-256: c7c2bc41b4a19aaf91d11495af69c7875803ead8b9a055e7f83a726d4f641f4a
s390x
setroubleshoot-3.0.47-12.el6_8.s390x.rpm SHA-256: a4ce767f9030851d2d7c3d465804e022432132fcc2de01cd294040e5ad3537a2
setroubleshoot-debuginfo-3.0.47-12.el6_8.s390x.rpm SHA-256: 36988007cef500e86ec4566716fb541dbfb1c8ab16129626c74705b9677c20f0
setroubleshoot-debuginfo-3.0.47-12.el6_8.s390x.rpm SHA-256: 36988007cef500e86ec4566716fb541dbfb1c8ab16129626c74705b9677c20f0
setroubleshoot-doc-3.0.47-12.el6_8.s390x.rpm SHA-256: e5067f340b6e2215e7ac61d0fec2a0d0db29c737f339b3e4cd402b7fc6a0eee7
setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm SHA-256: 4ebf992b0908335b03d2b6137e06b449f5b1a4c94daf592221a1333f98551542
setroubleshoot-server-3.0.47-12.el6_8.s390x.rpm SHA-256: 8b4e769d0adb0052a94976bf5f030ac72c930ef1977acb5a94fb825c05abfba0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2022 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter