Synopsis: Important: policycoreutils security update
Advisory ID: SLSA-2016:2702-1
Issue Date: 2016-11-14
CVE Numbers: CVE-2016-7545
—
Security Fix(es):
* It was found that the sandbox tool provided in policycoreutils was
vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed
via the sandbox command could use this flaw to execute arbitrary commands
in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)
—
SL6
x86_64
policycoreutils-2.0.83-30.1.el6_8.x86_64.rpm
policycoreutils-debuginfo-2.0.83-30.1.el6_8.x86_64.rpm
policycoreutils-gui-2.0.83-30.1.el6_8.x86_64.rpm
policycoreutils-newrole-2.0.83-30.1.el6_8.x86_64.rpm
policycoreutils-python-2.0.83-30.1.el6_8.x86_64.rpm
policycoreutils-sandbox-2.0.83-30.1.el6_8.x86_64.rpm
i386
policycoreutils-2.0.83-30.1.el6_8.i686.rpm
policycoreutils-debuginfo-2.0.83-30.1.el6_8.i686.rpm
policycoreutils-gui-2.0.83-30.1.el6_8.i686.rpm
policycoreutils-newrole-2.0.83-30.1.el6_8.i686.rpm
policycoreutils-python-2.0.83-30.1.el6_8.i686.rpm
policycoreutils-sandbox-2.0.83-30.1.el6_8.i686.rpm
SL7
x86_64
policycoreutils-2.5-9.el7.x86_64.rpm
policycoreutils-debuginfo-2.5-9.el7.i686.rpm
policycoreutils-debuginfo-2.5-9.el7.x86_64.rpm
policycoreutils-devel-2.5-9.el7.i686.rpm
policycoreutils-devel-2.5-9.el7.x86_64.rpm
policycoreutils-gui-2.5-9.el7.x86_64.rpm
policycoreutils-newrole-2.5-9.el7.x86_64.rpm
policycoreutils-python-2.5-9.el7.x86_64.rpm
policycoreutils-sandbox-2.5-9.el7.x86_64.rpm
policycoreutils-restorecond-2.5-9.el7.x86_64.rpm
– Scientific Linux Development Team
