Red Hat Product Errata RHSA-2017:0536 - Security Advisory

Issued:: 2017-03-15
Updated:: 2017-03-15

RHSA-2017:0536 - Security Advisory

Overview
Updated Packages

Synopsis

Important: policycoreutils security update

Type/Severity

Security Advisory: Important

Topic

An update for policycoreutils is now available for Red Hat Enterprise Linux 7.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The policycoreutils packages contain the core policy utilities required to manage a SELinux environment.

Security Fix(es):

It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - Extended Update Support 7.1 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.1 s390x
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.1 ppc64
Red Hat Enterprise Linux EUS Compute Node 7.1 x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.1 ppc64le

Fixes

BZ - 1378577 - CVE-2016-7545 policycoreutils: SELinux sandbox escape via TIOCSTI ioctl

CVEs

CVE-2016-7545

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - Extended Update Support 7.1

SRPM
policycoreutils-2.2.5-16.el7_1.src.rpm	SHA-256: 053db1c36ff58db8478c86cff18b251316f81b37ce8986d52e328c6333231e48
x86_64
policycoreutils-2.2.5-16.el7_1.x86_64.rpm	SHA-256: 5ba55ca70416a79aa35192e8d34669c2fd071885ae2cfac9ee97813314cc1493
policycoreutils-debuginfo-2.2.5-16.el7_1.i686.rpm	SHA-256: 7efa8ed5a78a3c72787dd149d6fec86e813bc16894df0180f4132e36880d63ca
policycoreutils-debuginfo-2.2.5-16.el7_1.x86_64.rpm	SHA-256: 463e6a9436d27355df536efcf6d1a20a08f5df172c74048ec1bcce0264d4ace7
policycoreutils-debuginfo-2.2.5-16.el7_1.x86_64.rpm	SHA-256: 463e6a9436d27355df536efcf6d1a20a08f5df172c74048ec1bcce0264d4ace7
policycoreutils-devel-2.2.5-16.el7_1.i686.rpm	SHA-256: ceae0a431f63a137b381cfebfdf0ea044795730c612e4531feabd0009a1e161b
policycoreutils-devel-2.2.5-16.el7_1.x86_64.rpm	SHA-256: 0991493f209aa0a8c61f8a1ba5cbff8c27d73a753ed8b1e1036769b6eae396b2
policycoreutils-gui-2.2.5-16.el7_1.x86_64.rpm	SHA-256: 9c8fda39fc1a99f70498b49171c4d4255807502ecfe36d9f2f7ab9763b5c8cfa
policycoreutils-newrole-2.2.5-16.el7_1.x86_64.rpm	SHA-256: 0669c34a7240dbdd8b3df9d3ebec64395586e9b37f5bdc9a23d39b206d532709
policycoreutils-python-2.2.5-16.el7_1.x86_64.rpm	SHA-256: de155a58dd430d45a0eed56228db06b4dc610ac6be1c662501d7396d90d4472d
policycoreutils-restorecond-2.2.5-16.el7_1.x86_64.rpm	SHA-256: 37b06388326fbfa4c2e1804192eb076c34f312490d337aefe22fdcce658cd79b
policycoreutils-sandbox-2.2.5-16.el7_1.x86_64.rpm	SHA-256: ff74eb60ae31d92502b37304a4d040346c2097db978c42e68b56aca1ffaefd61

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.1

SRPM
policycoreutils-2.2.5-16.el7_1.src.rpm	SHA-256: 053db1c36ff58db8478c86cff18b251316f81b37ce8986d52e328c6333231e48
s390x
policycoreutils-2.2.5-16.el7_1.s390x.rpm	SHA-256: 939c88365489dd0a62233d72b5512d52beb9d1e830320dc694fed072c03f57ec
policycoreutils-debuginfo-2.2.5-16.el7_1.s390.rpm	SHA-256: 79f6ca8b00804223fcc3656830eefc0053d27bc12f5b366224213aab8cfc987c
policycoreutils-debuginfo-2.2.5-16.el7_1.s390x.rpm	SHA-256: e25e802317938d63dd392bfb18723a9d3873f1a7c05a06e9e581fbe87b417399
policycoreutils-debuginfo-2.2.5-16.el7_1.s390x.rpm	SHA-256: e25e802317938d63dd392bfb18723a9d3873f1a7c05a06e9e581fbe87b417399
policycoreutils-devel-2.2.5-16.el7_1.s390.rpm	SHA-256: 00792847542f08e80c062440b6701b3772eae32f87eb0677b716182f688805ca
policycoreutils-devel-2.2.5-16.el7_1.s390x.rpm	SHA-256: 08b0c625eb1fa4e1759f82c1046bae22634d4166befc24d31ebe09712fa90042
policycoreutils-gui-2.2.5-16.el7_1.s390x.rpm	SHA-256: 15b89e386add2d6e0d9e7fce0dcd10f9229c7165f66bb99032c459e2b31944d3
policycoreutils-newrole-2.2.5-16.el7_1.s390x.rpm	SHA-256: ced1f0c0de5178f9bd46b40f4c3df2d86da22838a547783f9dfa74d79c106995
policycoreutils-python-2.2.5-16.el7_1.s390x.rpm	SHA-256: 5577e5efa84142599b429f163ee609558d537a6693faa7e066723dc1bba510f2
policycoreutils-restorecond-2.2.5-16.el7_1.s390x.rpm	SHA-256: 4a9e780e7decc1f7531facc7d4c446315c5a7c44f2b4ec5ed9d30c06b0ba8f78
policycoreutils-sandbox-2.2.5-16.el7_1.s390x.rpm	SHA-256: c8f4d386d87721f311a337b4a8cf07078c00f7e2adee25e6f731027f62a84d2b

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.1

SRPM
policycoreutils-2.2.5-16.el7_1.src.rpm	SHA-256: 053db1c36ff58db8478c86cff18b251316f81b37ce8986d52e328c6333231e48
ppc64
policycoreutils-2.2.5-16.el7_1.ppc64.rpm	SHA-256: fe1dc08f47b62680b71a29f9f18bb69684a7298a16eea75343e78d99b44ae1a6
policycoreutils-debuginfo-2.2.5-16.el7_1.ppc.rpm	SHA-256: 35bfe01fdc93e6310179915eb309c52b9127a50e11085085ccd8ef2e49538578
policycoreutils-debuginfo-2.2.5-16.el7_1.ppc64.rpm	SHA-256: a7a9c2dd1b9db5eda6214ef53a3324d2777bf945c5d0018c6cf1f29eb7182127
policycoreutils-debuginfo-2.2.5-16.el7_1.ppc64.rpm	SHA-256: a7a9c2dd1b9db5eda6214ef53a3324d2777bf945c5d0018c6cf1f29eb7182127
policycoreutils-devel-2.2.5-16.el7_1.ppc.rpm	SHA-256: 75eebc2e3e77b0848a3761db834d6b9580de2069c47622662d327949012deddf
policycoreutils-devel-2.2.5-16.el7_1.ppc64.rpm	SHA-256: 412d307d3852b8ecf5c887ae373a328af981370dcdf2c60d0481b81578fd492a
policycoreutils-gui-2.2.5-16.el7_1.ppc64.rpm	SHA-256: d4bba3f8afbf837ca56df3b88b6aeb5bb512aacf02238b8d639e1cd1f13516d7
policycoreutils-newrole-2.2.5-16.el7_1.ppc64.rpm	SHA-256: 2e1443391c7bd7463833761a935a6436a4a70f393761e5bcf572e02716141255
policycoreutils-python-2.2.5-16.el7_1.ppc64.rpm	SHA-256: 12ecfa01b040124451a19c5471ea3a82d1d49751b946f99dba1ab23639bcc77d
policycoreutils-restorecond-2.2.5-16.el7_1.ppc64.rpm	SHA-256: b52c0e779966513135f9940843523d1b8906d52d4a88d8e41b73d1f36488b164
policycoreutils-sandbox-2.2.5-16.el7_1.ppc64.rpm	SHA-256: a5fa7aec0991ad2d78d6e564742a9032676583a1cf319ef5341ec5092a916b32

Red Hat Enterprise Linux EUS Compute Node 7.1

SRPM
policycoreutils-2.2.5-16.el7_1.src.rpm	SHA-256: 053db1c36ff58db8478c86cff18b251316f81b37ce8986d52e328c6333231e48
x86_64
policycoreutils-2.2.5-16.el7_1.x86_64.rpm	SHA-256: 5ba55ca70416a79aa35192e8d34669c2fd071885ae2cfac9ee97813314cc1493
policycoreutils-debuginfo-2.2.5-16.el7_1.i686.rpm	SHA-256: 7efa8ed5a78a3c72787dd149d6fec86e813bc16894df0180f4132e36880d63ca
policycoreutils-debuginfo-2.2.5-16.el7_1.x86_64.rpm	SHA-256: 463e6a9436d27355df536efcf6d1a20a08f5df172c74048ec1bcce0264d4ace7
policycoreutils-debuginfo-2.2.5-16.el7_1.x86_64.rpm	SHA-256: 463e6a9436d27355df536efcf6d1a20a08f5df172c74048ec1bcce0264d4ace7
policycoreutils-devel-2.2.5-16.el7_1.i686.rpm	SHA-256: ceae0a431f63a137b381cfebfdf0ea044795730c612e4531feabd0009a1e161b
policycoreutils-devel-2.2.5-16.el7_1.x86_64.rpm	SHA-256: 0991493f209aa0a8c61f8a1ba5cbff8c27d73a753ed8b1e1036769b6eae396b2
policycoreutils-gui-2.2.5-16.el7_1.x86_64.rpm	SHA-256: 9c8fda39fc1a99f70498b49171c4d4255807502ecfe36d9f2f7ab9763b5c8cfa
policycoreutils-newrole-2.2.5-16.el7_1.x86_64.rpm	SHA-256: 0669c34a7240dbdd8b3df9d3ebec64395586e9b37f5bdc9a23d39b206d532709
policycoreutils-python-2.2.5-16.el7_1.x86_64.rpm	SHA-256: de155a58dd430d45a0eed56228db06b4dc610ac6be1c662501d7396d90d4472d
policycoreutils-restorecond-2.2.5-16.el7_1.x86_64.rpm	SHA-256: 37b06388326fbfa4c2e1804192eb076c34f312490d337aefe22fdcce658cd79b
policycoreutils-sandbox-2.2.5-16.el7_1.x86_64.rpm	SHA-256: ff74eb60ae31d92502b37304a4d040346c2097db978c42e68b56aca1ffaefd61

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.1

SRPM
policycoreutils-2.2.5-16.ael7b_1.src.rpm	SHA-256: 65936fba493a5947e5db35a8fa768a2d89f98bd304c4ae8924f1eb9e028aef9d
ppc64le
policycoreutils-2.2.5-16.ael7b_1.ppc64le.rpm	SHA-256: ca87a2d3580cf0d33fdf4bf59210f819a897196f74919d4161c7330e350c6e61
policycoreutils-debuginfo-2.2.5-16.ael7b_1.ppc64le.rpm	SHA-256: b643c6b40c78fd2f7e0c9ce3f41db956960fa9adfba6bf0653b30395e96bdf34
policycoreutils-debuginfo-2.2.5-16.ael7b_1.ppc64le.rpm	SHA-256: b643c6b40c78fd2f7e0c9ce3f41db956960fa9adfba6bf0653b30395e96bdf34
policycoreutils-devel-2.2.5-16.ael7b_1.ppc64le.rpm	SHA-256: 836f60d0e09b301593da0b0b7372c37277e486dbe9a93cb25bcb193ed98e33d0
policycoreutils-gui-2.2.5-16.ael7b_1.ppc64le.rpm	SHA-256: 87ab4533fbdd4b7539a70ae78ed5377667ea3bbd464ea7d711a2564b93552439
policycoreutils-newrole-2.2.5-16.ael7b_1.ppc64le.rpm	SHA-256: 45d2f43c4be6586465920d29cb7e840a7710bb8473696482d7c5521b3040bc6a
policycoreutils-python-2.2.5-16.ael7b_1.ppc64le.rpm	SHA-256: e76c93e7dcf8db2c565510df5df5721b97b028e06ad24621adea2c80633603be
policycoreutils-restorecond-2.2.5-16.ael7b_1.ppc64le.rpm	SHA-256: 1ec8d382c93f245487aa726df9458bb8684e63e9b328335b3b56389be2d2ba1e
policycoreutils-sandbox-2.2.5-16.ael7b_1.ppc64le.rpm	SHA-256: 1438e5205501a26f8408fdce3a3971296112a330d59748ae5ea77517cb4ae04c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories