UbuntuUpdates.org

Package "libsepol1"

Name: libsepol1

Description: SELinux library for manipulating binary security policies

Latest version: 2.7-1ubuntu0.1
Release: bionic (18.04)
Level: security
Repository: main
Head package: libsepol
Homepage: http://userspace.selinuxproject.org/

Other versions of "libsepol1" in Bionic

Repository  Area  Version
base        main  2.7-1
updates     main  2.7-1ubuntu0.1

Changelog

Version: 2.7-1ubuntu0.1 2022-04-27 10:06:30 UTC

  libsepol (2.7-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: use-after-free in __cil_verify_classperms
    - debian/patches/CVE-2021-36084.patch: alter destruction of
      classperms list when resetting classpermission by avoiding
      deleting the inner data in cil/src/cil_reset_ast.c
    - CVE-2021-36084
  * SECURITY UPDATE: use-after-free in __cil_verify_classperms
    - debian/patches/CVE-2021-36085.patch: alter destruction of
      classperms when resetting a perm by avoiding
      deleting the inner data in cil/src/cil_reset_ast.c
    - CVE-2021-36085
  * SECURITY UPDATE: use-after-free in cil_reset_classpermission
    - debian/patches/CVE-2021-36086.patch: prevent
      cil_reset_classperms_set from resetting classpermission by
      setting it to NULL in cil/src/cil_reset_ast.c
    - CVE-2021-36086
  * SECURITY UPDATE: heap-based buffer over-read in ebitmap_match_any
    - debian/patches/CVE-2021-36087.patch: check if a tunable
      declaration, in-statement, block, blockabstract, or macro definition
      is found within an optional in cil/src/cil_build_ast.c and
      cil/src/cil_resolve_ast.c
    - CVE-2021-36087

 -- David Fernandez Gonzalez <email address hidden> Tue, 26 Apr 2022 12:52:52 +0200

CVE-2021-36084 The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper
CVE-2021-36085 The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).
CVE-2021-36086 The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list
CVE-2021-36087 The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs bec


