UbuntuUpdates.org

Package "libsepol1-dev"

Name: libsepol1-dev

Description:

SELinux binary policy manipulation library and development files

Latest version: 3.0-1ubuntu0.1
Release: focal (20.04)
Level: security
Repository: main
Head package: libsepol
Homepage: http://userspace.selinuxproject.org/

Links


Download "libsepol1-dev"


Other versions of "libsepol1-dev" in Focal

Repository Area Version
base main 3.0-1
updates main 3.0-1ubuntu0.1

Changelog

Version: 3.0-1ubuntu0.1 2022-04-27 10:06:34 UTC

  libsepol (3.0-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: use-after-free in __cil_verify_classperms
    - debian/patches/CVE-2021-36084.patch: alter destruction of
      classperms list when resetting classpermission by avoiding
      deleting the inner data in cil/src/cil_reset_ast.c
    - CVE-2021-36084
  * SECURITY UPDATE: use-after-free in __cil_verify_classperms
    - debian/patches/CVE-2021-36085.patch: alter destruction of
      classperms when resetting a perm by avoiding
      deleting the inner data in cil/src/cil_reset_ast.c
    - CVE-2021-36085
  * SECURITY UPDATE: use-after-free in cil_reset_classpermission
    - debian/patches/CVE-2021-36086.patch: prevent
      cil_reset_classperms_set from resetting classpermission by
      setting it to NULL in cil/src/cil_reset_ast.c
    - CVE-2021-36086
  * SECURITY UPDATE: heap-based buffer over-read in ebitmap_match_any
    - debian/patches/CVE-2021-36087.patch: check if a tunable
      declaration, in-statement, block, blockabstract, or macro definition
      is found within an optional in cil/src/cil_build_ast.c and
      cil/src/cil_resolve_ast.c
    - CVE-2021-36087

 -- David Fernandez Gonzalez <email address hidden> Tue, 26 Apr 2022 11:21:29 +0200

CVE-2021-36084 The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper
CVE-2021-36085 The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).
CVE-2021-36086 The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list
CVE-2021-36087 The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs bec



About   -   Send Feedback to @ubuntu_updates