- Issued:
- 2017-03-15
- Updated:
- 2017-03-15
RHSA-2017:0535 - Security Advisory
Synopsis
Important: policycoreutils security update
Type/Severity
Security Advisory: Important
Topic
An update for policycoreutils is now available for Red Hat Enterprise Linux 7.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The policycoreutils packages contain the core policy utilities required to manage a SELinux environment.
Security Fix(es):
- It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat Enterprise Linux Server - Extended Update Support 7.2 x86_64
- Red Hat Enterprise Linux Server - AUS 7.2 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.2 s390x
- Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.2 ppc64
- Red Hat Enterprise Linux EUS Compute Node 7.2 x86_64
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.2 ppc64le
- Red Hat Enterprise Linux Server - TUS 7.2 x86_64
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.2 x86_64
Fixes
- BZ - 1378577 - CVE-2016-7545 policycoreutils: SELinux sandbox escape via TIOCSTI ioctl
CVEs
References
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux Server - Extended Update Support 7.2
| SRPM | |
|---|---|
| policycoreutils-2.2.5-21.el7_2.src.rpm | SHA-256: 9349366c43aa997d134982944cdf5abcf2ab0d008428da639a0b06b147742fba |
| x86_64 | |
| policycoreutils-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 24f76b55ff90a9571b61c301de50b46df9a5cfcc6e09d42713e7ca4416cdf02a |
| policycoreutils-debuginfo-2.2.5-21.el7_2.i686.rpm | SHA-256: 8f21fe50b1922ccb4b55ca40bb4c365b21b4819b176deed400804a63041696ff |
| policycoreutils-debuginfo-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 7f207934cd2d2552a9e405fbb03a5c0d971909ed72fbedd8372f96d566e95154 |
| policycoreutils-debuginfo-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 7f207934cd2d2552a9e405fbb03a5c0d971909ed72fbedd8372f96d566e95154 |
| policycoreutils-devel-2.2.5-21.el7_2.i686.rpm | SHA-256: 3354e7780df403c9f2721ea6f9f2d5ee7be4862b07569079e9ac2f41b07d83c9 |
| policycoreutils-devel-2.2.5-21.el7_2.x86_64.rpm | SHA-256: beb986a6126cd60a475ad7a484afe66da055c512081213a0c02fc8ccca11d793 |
| policycoreutils-gui-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 0eb928836697a4fc126e93e226710fdf947bd89830588fe4d9be04f21c2164d7 |
| policycoreutils-newrole-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 39da5c7834127986eef92a73f2531d3a3691c9cbb0183bafbbfd993dbe0c446e |
| policycoreutils-python-2.2.5-21.el7_2.x86_64.rpm | SHA-256: f8de5d651e59fcae394f343a222deaf80998c1c2529b883f1e5ed7e0c7a791cd |
| policycoreutils-restorecond-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 5a270442c3924ae03cee8bdcb77f09afe6b9c7419aaa7634165e130fd109d9e4 |
| policycoreutils-sandbox-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 5e44046a324174f05fe697ef46be813ae36be747f6c86cb356ff15d188ae6a2b |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.2
| SRPM | |
|---|---|
| policycoreutils-2.2.5-21.el7_2.src.rpm | SHA-256: 9349366c43aa997d134982944cdf5abcf2ab0d008428da639a0b06b147742fba |
| s390x | |
| policycoreutils-2.2.5-21.el7_2.s390x.rpm | SHA-256: d35bbdc35339623e2965997be9ba327d80ca863514b90ce7fbe7dca44324f706 |
| policycoreutils-debuginfo-2.2.5-21.el7_2.s390.rpm | SHA-256: 7ea88e8261691d54b697588dcd10e09b28ee6b3c65704611e92cbc8ace6823e6 |
| policycoreutils-debuginfo-2.2.5-21.el7_2.s390x.rpm | SHA-256: e6d7d4870876cdbb5c8a9630941ebf40750e32e1cf909622daed0bdce8e8ea24 |
| policycoreutils-debuginfo-2.2.5-21.el7_2.s390x.rpm | SHA-256: e6d7d4870876cdbb5c8a9630941ebf40750e32e1cf909622daed0bdce8e8ea24 |
| policycoreutils-devel-2.2.5-21.el7_2.s390.rpm | SHA-256: f9f23a4804b3a6227e7d7fb67f73c127c04c3d6c44bddef799bddf5c8bfa0176 |
| policycoreutils-devel-2.2.5-21.el7_2.s390x.rpm | SHA-256: d6bc9933134652e762fc3dae53bc4fdccf4e4412041816f405b476e9533e348b |
| policycoreutils-gui-2.2.5-21.el7_2.s390x.rpm | SHA-256: 7d7f97bd3558f3b7c9a7e0cd215287bfc46496a0b77fec578943a8dec807a323 |
| policycoreutils-newrole-2.2.5-21.el7_2.s390x.rpm | SHA-256: 1656311f3b4e703e234630dde56b74d8a40a0d084c4607fa8f635b7ae432d214 |
| policycoreutils-python-2.2.5-21.el7_2.s390x.rpm | SHA-256: abf8dba30353bcdb2c46bc760be84c736b6e4c56dcc7b28926dfef3b4b113626 |
| policycoreutils-restorecond-2.2.5-21.el7_2.s390x.rpm | SHA-256: a011a33d267f7a15b86d9394105fe2e3d6096cdcfc29e1945990434650c1e11e |
| policycoreutils-sandbox-2.2.5-21.el7_2.s390x.rpm | SHA-256: a03d8b25980ea5e17c759813ec22936a9e251aab4053385c90e9578c10068db0 |
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.2
| SRPM | |
|---|---|
| policycoreutils-2.2.5-21.el7_2.src.rpm | SHA-256: 9349366c43aa997d134982944cdf5abcf2ab0d008428da639a0b06b147742fba |
| ppc64 | |
| policycoreutils-2.2.5-21.el7_2.ppc64.rpm | SHA-256: ffe35e6c0b240e22eac989d31c74d38ec286b3b0f96c04c69fa6f9b36a70fa11 |
| policycoreutils-debuginfo-2.2.5-21.el7_2.ppc.rpm | SHA-256: 9feb65b12aeb4843d6847bb78c9be465587a9d6a35a76e4f83aa7336bdcfdcf6 |
| policycoreutils-debuginfo-2.2.5-21.el7_2.ppc64.rpm | SHA-256: 2105f286c787fe79274305dd1e459f26ebb989e936dda727fdeaf98ee314ade0 |
| policycoreutils-debuginfo-2.2.5-21.el7_2.ppc64.rpm | SHA-256: 2105f286c787fe79274305dd1e459f26ebb989e936dda727fdeaf98ee314ade0 |
| policycoreutils-devel-2.2.5-21.el7_2.ppc.rpm | SHA-256: 9556c817c2b7a8c7b5ca3bca5f45335ad2642b207bc66067556be07703aae057 |
| policycoreutils-devel-2.2.5-21.el7_2.ppc64.rpm | SHA-256: e35abe186f6bfe4c38f9ef4b0e3bb709fb31aa9f142d264098bd633da95c2bd3 |
| policycoreutils-gui-2.2.5-21.el7_2.ppc64.rpm | SHA-256: 6ebad4e116b555d350e90cfa10132f4fd267fd59cf9fdb1519e0ee22b84725f9 |
| policycoreutils-newrole-2.2.5-21.el7_2.ppc64.rpm | SHA-256: 3f0c01ee9fdfe0e41007f0063002d98b4716404a84e5dd235e0ddf18b52f74f4 |
| policycoreutils-python-2.2.5-21.el7_2.ppc64.rpm | SHA-256: 7b0f549b323f31b4a593de9f65b7af65e036cb207c39a8f507a9a5bb61b061b6 |
| policycoreutils-restorecond-2.2.5-21.el7_2.ppc64.rpm | SHA-256: 2f706f4cef93b3537e837b553bc2fc879a6a1a1e9150895458269964d0d65531 |
| policycoreutils-sandbox-2.2.5-21.el7_2.ppc64.rpm | SHA-256: fc51d5fcdacc73db167d0394be6a6a7acb31eef5ef4c1aba6540d093f0cafd91 |
Red Hat Enterprise Linux EUS Compute Node 7.2
| SRPM | |
|---|---|
| policycoreutils-2.2.5-21.el7_2.src.rpm | SHA-256: 9349366c43aa997d134982944cdf5abcf2ab0d008428da639a0b06b147742fba |
| x86_64 | |
| policycoreutils-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 24f76b55ff90a9571b61c301de50b46df9a5cfcc6e09d42713e7ca4416cdf02a |
| policycoreutils-debuginfo-2.2.5-21.el7_2.i686.rpm | SHA-256: 8f21fe50b1922ccb4b55ca40bb4c365b21b4819b176deed400804a63041696ff |
| policycoreutils-debuginfo-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 7f207934cd2d2552a9e405fbb03a5c0d971909ed72fbedd8372f96d566e95154 |
| policycoreutils-debuginfo-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 7f207934cd2d2552a9e405fbb03a5c0d971909ed72fbedd8372f96d566e95154 |
| policycoreutils-devel-2.2.5-21.el7_2.i686.rpm | SHA-256: 3354e7780df403c9f2721ea6f9f2d5ee7be4862b07569079e9ac2f41b07d83c9 |
| policycoreutils-devel-2.2.5-21.el7_2.x86_64.rpm | SHA-256: beb986a6126cd60a475ad7a484afe66da055c512081213a0c02fc8ccca11d793 |
| policycoreutils-gui-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 0eb928836697a4fc126e93e226710fdf947bd89830588fe4d9be04f21c2164d7 |
| policycoreutils-newrole-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 39da5c7834127986eef92a73f2531d3a3691c9cbb0183bafbbfd993dbe0c446e |
| policycoreutils-python-2.2.5-21.el7_2.x86_64.rpm | SHA-256: f8de5d651e59fcae394f343a222deaf80998c1c2529b883f1e5ed7e0c7a791cd |
| policycoreutils-restorecond-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 5a270442c3924ae03cee8bdcb77f09afe6b9c7419aaa7634165e130fd109d9e4 |
| policycoreutils-sandbox-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 5e44046a324174f05fe697ef46be813ae36be747f6c86cb356ff15d188ae6a2b |
Red Hat Enterprise Linux Server - AUS 7.2
| SRPM | |
|---|---|
| policycoreutils-2.2.5-21.el7_2.src.rpm | SHA-256: 9349366c43aa997d134982944cdf5abcf2ab0d008428da639a0b06b147742fba |
| x86_64 | |
| policycoreutils-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 24f76b55ff90a9571b61c301de50b46df9a5cfcc6e09d42713e7ca4416cdf02a |
| policycoreutils-debuginfo-2.2.5-21.el7_2.i686.rpm | SHA-256: 8f21fe50b1922ccb4b55ca40bb4c365b21b4819b176deed400804a63041696ff |
| policycoreutils-debuginfo-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 7f207934cd2d2552a9e405fbb03a5c0d971909ed72fbedd8372f96d566e95154 |
| policycoreutils-debuginfo-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 7f207934cd2d2552a9e405fbb03a5c0d971909ed72fbedd8372f96d566e95154 |
| policycoreutils-devel-2.2.5-21.el7_2.i686.rpm | SHA-256: 3354e7780df403c9f2721ea6f9f2d5ee7be4862b07569079e9ac2f41b07d83c9 |
| policycoreutils-devel-2.2.5-21.el7_2.x86_64.rpm | SHA-256: beb986a6126cd60a475ad7a484afe66da055c512081213a0c02fc8ccca11d793 |
| policycoreutils-gui-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 0eb928836697a4fc126e93e226710fdf947bd89830588fe4d9be04f21c2164d7 |
| policycoreutils-newrole-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 39da5c7834127986eef92a73f2531d3a3691c9cbb0183bafbbfd993dbe0c446e |
| policycoreutils-python-2.2.5-21.el7_2.x86_64.rpm | SHA-256: f8de5d651e59fcae394f343a222deaf80998c1c2529b883f1e5ed7e0c7a791cd |
| policycoreutils-restorecond-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 5a270442c3924ae03cee8bdcb77f09afe6b9c7419aaa7634165e130fd109d9e4 |
| policycoreutils-sandbox-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 5e44046a324174f05fe697ef46be813ae36be747f6c86cb356ff15d188ae6a2b |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.2
| SRPM | |
|---|---|
| policycoreutils-2.2.5-21.el7_2.src.rpm | SHA-256: 9349366c43aa997d134982944cdf5abcf2ab0d008428da639a0b06b147742fba |
| ppc64le | |
| policycoreutils-2.2.5-21.el7_2.ppc64le.rpm | SHA-256: fcd2f68af571bc0362102b664056afae9a2011f3082f3551344c4ed142858072 |
| policycoreutils-debuginfo-2.2.5-21.el7_2.ppc64le.rpm | SHA-256: afa5addc5999332a395638687579ba7c9784fb6251cca006d608630c189d6ac0 |
| policycoreutils-debuginfo-2.2.5-21.el7_2.ppc64le.rpm | SHA-256: afa5addc5999332a395638687579ba7c9784fb6251cca006d608630c189d6ac0 |
| policycoreutils-devel-2.2.5-21.el7_2.ppc64le.rpm | SHA-256: d75447eb2cc753803c5717f8b1c5fd8b3c0f50aad5461de25a6930234236347b |
| policycoreutils-gui-2.2.5-21.el7_2.ppc64le.rpm | SHA-256: e4387814dadd9a442839c4af91f4657a88dc0e1106791eb19c7786cfdfc99075 |
| policycoreutils-newrole-2.2.5-21.el7_2.ppc64le.rpm | SHA-256: 1c05358d2f591238d9a5bd8edb65ec160da27c08c23918ad6be379ce5287fbb8 |
| policycoreutils-python-2.2.5-21.el7_2.ppc64le.rpm | SHA-256: e2e3968fc4f5d4257936fe9586a86f3a97be9a58a7f401b81bfbc916e65f4f8e |
| policycoreutils-restorecond-2.2.5-21.el7_2.ppc64le.rpm | SHA-256: bb2393dfbed98e5e06a03da665844882c70a6f873ada857d0449a8da9b9aa087 |
| policycoreutils-sandbox-2.2.5-21.el7_2.ppc64le.rpm | SHA-256: 52209fa65158473430b26101ed6afc50f5438935a7995e0846f73fe5e050794f |
Red Hat Enterprise Linux Server - TUS 7.2
| SRPM | |
|---|---|
| policycoreutils-2.2.5-21.el7_2.src.rpm | SHA-256: 9349366c43aa997d134982944cdf5abcf2ab0d008428da639a0b06b147742fba |
| x86_64 | |
| policycoreutils-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 24f76b55ff90a9571b61c301de50b46df9a5cfcc6e09d42713e7ca4416cdf02a |
| policycoreutils-debuginfo-2.2.5-21.el7_2.i686.rpm | SHA-256: 8f21fe50b1922ccb4b55ca40bb4c365b21b4819b176deed400804a63041696ff |
| policycoreutils-debuginfo-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 7f207934cd2d2552a9e405fbb03a5c0d971909ed72fbedd8372f96d566e95154 |
| policycoreutils-debuginfo-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 7f207934cd2d2552a9e405fbb03a5c0d971909ed72fbedd8372f96d566e95154 |
| policycoreutils-devel-2.2.5-21.el7_2.i686.rpm | SHA-256: 3354e7780df403c9f2721ea6f9f2d5ee7be4862b07569079e9ac2f41b07d83c9 |
| policycoreutils-devel-2.2.5-21.el7_2.x86_64.rpm | SHA-256: beb986a6126cd60a475ad7a484afe66da055c512081213a0c02fc8ccca11d793 |
| policycoreutils-gui-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 0eb928836697a4fc126e93e226710fdf947bd89830588fe4d9be04f21c2164d7 |
| policycoreutils-newrole-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 39da5c7834127986eef92a73f2531d3a3691c9cbb0183bafbbfd993dbe0c446e |
| policycoreutils-python-2.2.5-21.el7_2.x86_64.rpm | SHA-256: f8de5d651e59fcae394f343a222deaf80998c1c2529b883f1e5ed7e0c7a791cd |
| policycoreutils-restorecond-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 5a270442c3924ae03cee8bdcb77f09afe6b9c7419aaa7634165e130fd109d9e4 |
| policycoreutils-sandbox-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 5e44046a324174f05fe697ef46be813ae36be747f6c86cb356ff15d188ae6a2b |
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.2
| SRPM | |
|---|---|
| policycoreutils-2.2.5-21.el7_2.src.rpm | SHA-256: 9349366c43aa997d134982944cdf5abcf2ab0d008428da639a0b06b147742fba |
| x86_64 | |
| policycoreutils-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 24f76b55ff90a9571b61c301de50b46df9a5cfcc6e09d42713e7ca4416cdf02a |
| policycoreutils-debuginfo-2.2.5-21.el7_2.i686.rpm | SHA-256: 8f21fe50b1922ccb4b55ca40bb4c365b21b4819b176deed400804a63041696ff |
| policycoreutils-debuginfo-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 7f207934cd2d2552a9e405fbb03a5c0d971909ed72fbedd8372f96d566e95154 |
| policycoreutils-debuginfo-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 7f207934cd2d2552a9e405fbb03a5c0d971909ed72fbedd8372f96d566e95154 |
| policycoreutils-devel-2.2.5-21.el7_2.i686.rpm | SHA-256: 3354e7780df403c9f2721ea6f9f2d5ee7be4862b07569079e9ac2f41b07d83c9 |
| policycoreutils-devel-2.2.5-21.el7_2.x86_64.rpm | SHA-256: beb986a6126cd60a475ad7a484afe66da055c512081213a0c02fc8ccca11d793 |
| policycoreutils-gui-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 0eb928836697a4fc126e93e226710fdf947bd89830588fe4d9be04f21c2164d7 |
| policycoreutils-newrole-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 39da5c7834127986eef92a73f2531d3a3691c9cbb0183bafbbfd993dbe0c446e |
| policycoreutils-python-2.2.5-21.el7_2.x86_64.rpm | SHA-256: f8de5d651e59fcae394f343a222deaf80998c1c2529b883f1e5ed7e0c7a791cd |
| policycoreutils-restorecond-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 5a270442c3924ae03cee8bdcb77f09afe6b9c7419aaa7634165e130fd109d9e4 |
| policycoreutils-sandbox-2.2.5-21.el7_2.x86_64.rpm | SHA-256: 5e44046a324174f05fe697ef46be813ae36be747f6c86cb356ff15d188ae6a2b |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.