Package "sepol-utils"
Name: |
sepol-utils
|
Description: |
Security Enhanced Linux policy utility programs
|
Latest version: |
3.0-1ubuntu0.1 |
Release: |
focal (20.04) |
Level: |
security |
Repository: |
universe |
Head package: |
libsepol |
Homepage: |
http://userspace.selinuxproject.org/ |
Links
Download "sepol-utils"
Other versions of "sepol-utils" in Focal
Changelog
libsepol (3.0-1ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: use-after-free in __cil_verify_classperms
- debian/patches/CVE-2021-36084.patch: alter destruction of
classperms list when resetting classpermission by avoiding
deleting the inner data in cil/src/cil_reset_ast.c
- CVE-2021-36084
* SECURITY UPDATE: use-after-free in __cil_verify_classperms
- debian/patches/CVE-2021-36085.patch: alter destruction of
classperms when resetting a perm by avoiding
deleting the inner data in cil/src/cil_reset_ast.c
- CVE-2021-36085
* SECURITY UPDATE: use-after-free in cil_reset_classpermission
- debian/patches/CVE-2021-36086.patch: prevent
cil_reset_classperms_set from resetting classpermission by
setting it to NULL in cil/src/cil_reset_ast.c
- CVE-2021-36086
* SECURITY UPDATE: heap-based buffer over-read in ebitmap_match_any
- debian/patches/CVE-2021-36087.patch: check if a tunable
declaration, in-statement, block, blockabstract, or macro definition
is found within an optional in cil/src/cil_build_ast.c and
cil/src/cil_resolve_ast.c
- CVE-2021-36087
-- David Fernandez Gonzalez <email address hidden> Tue, 26 Apr 2022 11:21:29 +0200
|
CVE-2021-36084 |
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper |
CVE-2021-36085 |
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). |
CVE-2021-36086 |
The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list |
CVE-2021-36087 |
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs bec |
|
About
-
Send Feedback to @ubuntu_updates