Red Hat Product Errata RHSA-2022:4824 - Security Advisory
Issued:
2022-05-31
Updated:
2022-05-31

RHSA-2022:4824 - Security Advisory

Synopsis

Moderate: fapolicyd security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for fapolicyd is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Fapolicyd (File Access Policy Daemon) implements application whitelisting to decide file access rights. Applications that are known via a reputation source are allowed access while unknown applications are not. The daemon makes use of the kernel's fanotify interface to determine file access rights.

Security Fix(es):

  • fapolicyd: fapolicyd wrongly prepares ld.so path (CVE-2022-1117)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Faulty handling of static applications (BZ#2084549)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2068171 - CVE-2022-1117 fapolicyd: fapolicyd wrongly prepares ld.so path
  • BZ - 2084549 - Faulty handling of static applications [rhel-8.4.0.z]

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4

SRPM
fapolicyd-1.0.2-6.el8_4.1.src.rpm SHA-256: 80ed1b7ead7bff5a906d7727777919f29dc02e4b3174d0e8b032adb8b6336c50
x86_64
fapolicyd-1.0.2-6.el8_4.1.x86_64.rpm SHA-256: 4df736bacb6e1ced94e5eb1b3d543bb34ad6ce6c8dfd724f76df9da889dd8545
fapolicyd-debuginfo-1.0.2-6.el8_4.1.x86_64.rpm SHA-256: 8f3a788bfae557a59851a80203c3e1d90b392fd5192c82263832d503486723ad
fapolicyd-debugsource-1.0.2-6.el8_4.1.x86_64.rpm SHA-256: 59f018675743c69a6db9556ddf4088dfda657ad7b7f9536f522cfd22e50f53b3
fapolicyd-selinux-1.0.2-6.el8_4.1.noarch.rpm SHA-256: bdca04d5413593cee80824db8246c1e48a1d3357e89494bcbc75a3a5ac229cc1

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM
fapolicyd-1.0.2-6.el8_4.1.src.rpm SHA-256: 80ed1b7ead7bff5a906d7727777919f29dc02e4b3174d0e8b032adb8b6336c50
x86_64
fapolicyd-1.0.2-6.el8_4.1.x86_64.rpm SHA-256: 4df736bacb6e1ced94e5eb1b3d543bb34ad6ce6c8dfd724f76df9da889dd8545
fapolicyd-debuginfo-1.0.2-6.el8_4.1.x86_64.rpm SHA-256: 8f3a788bfae557a59851a80203c3e1d90b392fd5192c82263832d503486723ad
fapolicyd-debugsource-1.0.2-6.el8_4.1.x86_64.rpm SHA-256: 59f018675743c69a6db9556ddf4088dfda657ad7b7f9536f522cfd22e50f53b3
fapolicyd-selinux-1.0.2-6.el8_4.1.noarch.rpm SHA-256: bdca04d5413593cee80824db8246c1e48a1d3357e89494bcbc75a3a5ac229cc1

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
fapolicyd-1.0.2-6.el8_4.1.src.rpm SHA-256: 80ed1b7ead7bff5a906d7727777919f29dc02e4b3174d0e8b032adb8b6336c50
x86_64
fapolicyd-1.0.2-6.el8_4.1.x86_64.rpm SHA-256: 4df736bacb6e1ced94e5eb1b3d543bb34ad6ce6c8dfd724f76df9da889dd8545
fapolicyd-debuginfo-1.0.2-6.el8_4.1.x86_64.rpm SHA-256: 8f3a788bfae557a59851a80203c3e1d90b392fd5192c82263832d503486723ad
fapolicyd-debugsource-1.0.2-6.el8_4.1.x86_64.rpm SHA-256: 59f018675743c69a6db9556ddf4088dfda657ad7b7f9536f522cfd22e50f53b3
fapolicyd-selinux-1.0.2-6.el8_4.1.noarch.rpm SHA-256: bdca04d5413593cee80824db8246c1e48a1d3357e89494bcbc75a3a5ac229cc1

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM
fapolicyd-1.0.2-6.el8_4.1.src.rpm SHA-256: 80ed1b7ead7bff5a906d7727777919f29dc02e4b3174d0e8b032adb8b6336c50
s390x
fapolicyd-1.0.2-6.el8_4.1.s390x.rpm SHA-256: ef18bc2fc116a108bce49a498012a5c313d28a4d83db03f61b36614cd82aa494
fapolicyd-debuginfo-1.0.2-6.el8_4.1.s390x.rpm SHA-256: 49abf7c08cac92789da7852cab90a22c92a920232684ef6a0655027514ec9178
fapolicyd-debugsource-1.0.2-6.el8_4.1.s390x.rpm SHA-256: 7f0fd9c134c748475b6ab16f540cbcde8c75bb7def2fba58b8b904cdc08a5688
fapolicyd-selinux-1.0.2-6.el8_4.1.noarch.rpm SHA-256: bdca04d5413593cee80824db8246c1e48a1d3357e89494bcbc75a3a5ac229cc1

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM
fapolicyd-1.0.2-6.el8_4.1.src.rpm SHA-256: 80ed1b7ead7bff5a906d7727777919f29dc02e4b3174d0e8b032adb8b6336c50
ppc64le
fapolicyd-1.0.2-6.el8_4.1.ppc64le.rpm SHA-256: c517da334064ad3c93ea5ca0d936ebf42ac37fd2d6840ced73f40bd6e6149916
fapolicyd-debuginfo-1.0.2-6.el8_4.1.ppc64le.rpm SHA-256: c3243cd058db4a8e50f3cc3e71db1a19830c92270bce8dd9f7c90f8b000c1ed9
fapolicyd-debugsource-1.0.2-6.el8_4.1.ppc64le.rpm SHA-256: b6da85cf2144b1cb2e6daa30300d62e33450676188194e431b69c877b06d8b06
fapolicyd-selinux-1.0.2-6.el8_4.1.noarch.rpm SHA-256: bdca04d5413593cee80824db8246c1e48a1d3357e89494bcbc75a3a5ac229cc1

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
fapolicyd-1.0.2-6.el8_4.1.src.rpm SHA-256: 80ed1b7ead7bff5a906d7727777919f29dc02e4b3174d0e8b032adb8b6336c50
x86_64
fapolicyd-1.0.2-6.el8_4.1.x86_64.rpm SHA-256: 4df736bacb6e1ced94e5eb1b3d543bb34ad6ce6c8dfd724f76df9da889dd8545
fapolicyd-debuginfo-1.0.2-6.el8_4.1.x86_64.rpm SHA-256: 8f3a788bfae557a59851a80203c3e1d90b392fd5192c82263832d503486723ad
fapolicyd-debugsource-1.0.2-6.el8_4.1.x86_64.rpm SHA-256: 59f018675743c69a6db9556ddf4088dfda657ad7b7f9536f522cfd22e50f53b3
fapolicyd-selinux-1.0.2-6.el8_4.1.noarch.rpm SHA-256: bdca04d5413593cee80824db8246c1e48a1d3357e89494bcbc75a3a5ac229cc1

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM
fapolicyd-1.0.2-6.el8_4.1.src.rpm SHA-256: 80ed1b7ead7bff5a906d7727777919f29dc02e4b3174d0e8b032adb8b6336c50
aarch64
fapolicyd-1.0.2-6.el8_4.1.aarch64.rpm SHA-256: 05da3c0a3660cb257034c086676bab310aa1dd9e31a3936d94c695c30eee577f
fapolicyd-debuginfo-1.0.2-6.el8_4.1.aarch64.rpm SHA-256: c302a5bcea9b39d78bf71fe52e0c2e64769b2162d04468b3b5778c9a3da35f72
fapolicyd-debugsource-1.0.2-6.el8_4.1.aarch64.rpm SHA-256: 09557ae73b05c3a53df2baab96e4598069387f8c321157d8eec7f969e3087e75
fapolicyd-selinux-1.0.2-6.el8_4.1.noarch.rpm SHA-256: bdca04d5413593cee80824db8246c1e48a1d3357e89494bcbc75a3a5ac229cc1

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM
fapolicyd-1.0.2-6.el8_4.1.src.rpm SHA-256: 80ed1b7ead7bff5a906d7727777919f29dc02e4b3174d0e8b032adb8b6336c50
ppc64le
fapolicyd-1.0.2-6.el8_4.1.ppc64le.rpm SHA-256: c517da334064ad3c93ea5ca0d936ebf42ac37fd2d6840ced73f40bd6e6149916
fapolicyd-debuginfo-1.0.2-6.el8_4.1.ppc64le.rpm SHA-256: c3243cd058db4a8e50f3cc3e71db1a19830c92270bce8dd9f7c90f8b000c1ed9
fapolicyd-debugsource-1.0.2-6.el8_4.1.ppc64le.rpm SHA-256: b6da85cf2144b1cb2e6daa30300d62e33450676188194e431b69c877b06d8b06
fapolicyd-selinux-1.0.2-6.el8_4.1.noarch.rpm SHA-256: bdca04d5413593cee80824db8246c1e48a1d3357e89494bcbc75a3a5ac229cc1

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM
fapolicyd-1.0.2-6.el8_4.1.src.rpm SHA-256: 80ed1b7ead7bff5a906d7727777919f29dc02e4b3174d0e8b032adb8b6336c50
x86_64
fapolicyd-1.0.2-6.el8_4.1.x86_64.rpm SHA-256: 4df736bacb6e1ced94e5eb1b3d543bb34ad6ce6c8dfd724f76df9da889dd8545
fapolicyd-debuginfo-1.0.2-6.el8_4.1.x86_64.rpm SHA-256: 8f3a788bfae557a59851a80203c3e1d90b392fd5192c82263832d503486723ad
fapolicyd-debugsource-1.0.2-6.el8_4.1.x86_64.rpm SHA-256: 59f018675743c69a6db9556ddf4088dfda657ad7b7f9536f522cfd22e50f53b3
fapolicyd-selinux-1.0.2-6.el8_4.1.noarch.rpm SHA-256: bdca04d5413593cee80824db8246c1e48a1d3357e89494bcbc75a3a5ac229cc1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.