[SECURITY] Fedora 14 Update: policycoreutils-2.0.85-19.fc14

updates at fedoraproject.org updates at fedoraproject.org
Sat Mar 19 10:26:36 UTC 2011


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3043
2011-03-10 20:10:10
--------------------------------------------------------------------------------

Name        : policycoreutils
Product     : Fedora 14
Version     : 2.0.85
Release     : 19.fc14
URL         : http://www.selinuxproject.org
Summary     : SELinux policy core utilities
Description :
Security-enhanced Linux is a feature of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux.  The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.

policycoreutils contains the policy core utilities that are required
for basic operation of a SELinux system.  These utilities include
load_policy to load policies, setfiles to label filesystems, newrole
to switch roles, and run_init to run /etc/init.d scripts in the proper
context.

--------------------------------------------------------------------------------
Update Information:

This fixes the problem with seunshare causing applications to mistakenly use the /tmp directory in an unsafe manner.

CVE-2011-1011
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  8 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-19
- Fix portspage in system-config-selinux to not crash
- More fixes for seunshare from Tomas Hoger
* Tue Mar  8 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-18
- put back in old handling of -T in sandbox command
- Put back setsid in seunshare
- Fix rsync to maintain times
* Tue Mar  8 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-17
- Use rewritten seunshare from thoger
* Mon Mar  7 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-16
- Require python-IPy for policycoreutils-python package
- Fixes for sepologen 
  - Usage statement needs -n name
  - Names with _ are being prevented
  - dbus apps should get _chat interface
* Thu Mar  3 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-15
- Fix error message in seunshare, check for tmpdir existance before unlink.
* Fri Feb 25 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-13
- Rewrite seunshare to make sure /tmp is mounted stickybit owned by root
- Only allow names in polgengui that contain letters and numbers
- Fix up node handling in semanage command
- Update translations
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.85-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Feb  3 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-11
- Fix sandbox policy creation with udp connect ports
* Thu Feb  3 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-10
- Cleaup selinux-polgengui to be a little more modern, fix comments and use selected name
- Cleanup chcat man page
* Wed Feb  2 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-9
- Report full errors on OSError on Sandbox
* Fri Jan 21 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-8
- Fix newrole hanlding of pcap
* Wed Jan 19 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-7
- Have restorecond watch more directories in homedir
* Fri Jan 14 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-6
- Add sandbox to sepolgen
* Thu Jan  6 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-4
- Fix proper handling of getopt errors
- Do not allow modules names to contain spaces
* Wed Jan  5 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-3
- Polgengui raises the wrong type of exception.  #471078
- Change semanage to not allow it to semanage module -D
- Change setsebool to suggest run as root on failure
* Wed Dec 22 2010 Dan Walsh <dwalsh at redhat.com> 2.0.85-2
- Fix restorecond watching utmp file for people logging in our out
* Tue Dec 21 2010 Dan Walsh <dwalsh at redhat.com> 2.0.85-1
- Update to upstream
* Thu Dec 16 2010 Dan Walsh <dwalsh at redhat.com> 2.0.84-5
- Change to allow sandbox to run on nfs homedirs, add start python script
* Wed Dec 15 2010 Dan Walsh <dwalsh at redhat.com> 2.0.84-4
- Move seunshare to sandbox package
* Mon Nov 29 2010 Dan Walsh <dwalsh at redhat.com> 2.0.84-3
- Fix sandbox to show correct types in  usage statement
* Mon Nov 29 2010 Dan Walsh <dwalsh at redhat.com> 2.0.84-2
- Stop fixfiles from complaining about missing dirs
* Mon Nov 22 2010 Dan Walsh <dwalsh at redhat.com> 2.0.84-1
- Update to upstream
- List types available for sandbox in usage statement
* Mon Nov 22 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-37
- Don't report error on load_policy when system is disabled.
* Mon Nov  8 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-36
- Fix up problems pointed out by solar designer on dropping capabilities
* Mon Nov  1 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-35
- Check if you have full privs and reset otherwise dont drop caps
* Mon Nov  1 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-34
- Fix setools require line
* Fri Oct 29 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-33
- Move /etc/pam.d/newrole in to polcicycoreutils-newrole
- Additiona capability  checking in sepolgen
* Mon Oct 25 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-32
- Remove setuid flag and replace with file capabilities
- Fix sandbox handling of files with spaces in them
* Wed Sep 29 2010 jkeating - 2.0.83-31
- Rebuilt for gcc bug 634757
* Thu Sep 23 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-30
- Move restorecond into its own subpackage
* Thu Sep 23 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-29
- Fix semanage man page
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #674615 - sandbox shows incomplete error messages from exceptions
        https://bugzilla.redhat.com/show_bug.cgi?id=674615
  [ 2 ] Bug #674945 - chcat man page typo - s/seuser/seusers/
        https://bugzilla.redhat.com/show_bug.cgi?id=674945
  [ 3 ] Bug #662938 - SELinux is preventing /usr/bin/newrole "setpcap" access     .
        https://bugzilla.redhat.com/show_bug.cgi?id=662938
  [ 4 ] Bug #665455 - [abrt] policycoreutils-gui-2.0.83-28.fc14: seobject.py:1936:get_all:TypeError: 'int' object is not iterable
        https://bugzilla.redhat.com/show_bug.cgi?id=665455
  [ 5 ] Bug #662159 - [abrt] policycoreutils-gui-2.0.83-33.2.fc14: polgen.py:405:set_init_script:ValueError: Only Daemon apps can use an init script..
        https://bugzilla.redhat.com/show_bug.cgi?id=662159
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update policycoreutils' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list