UbuntuUpdates.org

Package "sepol-utils"

Name: sepol-utils

Description:

Security Enhanced Linux policy utility programs

Latest version: 3.0-1ubuntu0.1
Release: focal (20.04)
Level: updates
Repository: universe
Head package: libsepol
Homepage: http://userspace.selinuxproject.org/

Other versions of "sepol-utils" in Focal

Repository  Area      Version
base        universe  3.0-1
security    universe  3.0-1ubuntu0.1

Changelog

Version: 3.0-1ubuntu0.1 2022-04-27 10:06:39 UTC

  libsepol (3.0-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: use-after-free in __cil_verify_classperms
    - debian/patches/CVE-2021-36084.patch: alter destruction of
      classperms list when resetting classpermission by avoiding
      deleting the inner data in cil/src/cil_reset_ast.c
    - CVE-2021-36084
  * SECURITY UPDATE: use-after-free in __cil_verify_classperms
    - debian/patches/CVE-2021-36085.patch: alter destruction of
      classperms when resetting a perm by avoiding
      deleting the inner data in cil/src/cil_reset_ast.c
    - CVE-2021-36085
  * SECURITY UPDATE: use-after-free in cil_reset_classpermission
    - debian/patches/CVE-2021-36086.patch: prevent
      cil_reset_classperms_set from resetting classpermission by
      setting it to NULL in cil/src/cil_reset_ast.c
    - CVE-2021-36086
  * SECURITY UPDATE: heap-based buffer over-read in ebitmap_match_any
    - debian/patches/CVE-2021-36087.patch: check if a tunable
      declaration, in-statement, block, blockabstract, or macro definition
      is found within an optional in cil/src/cil_build_ast.c and
      cil/src/cil_resolve_ast.c
    - CVE-2021-36087

 -- David Fernandez Gonzalez <email address hidden> Tue, 26 Apr 2022 11:21:29 +0200

CVE-2021-36084 The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper
CVE-2021-36085 The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).
CVE-2021-36086 The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list
CVE-2021-36087 The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs bec


