libsepol 2.7-1ubuntu0.1 source package in Ubuntu

Changelog

libsepol (2.7-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: use-after-free in __cil_verify_classperms
    - debian/patches/CVE-2021-36084.patch: alter destruction of
      classperms list when resetting classpermission by avoiding
      deleting the inner data in cil/src/cil_reset_ast.c
    - CVE-2021-36084
  * SECURITY UPDATE: use-after-free in __cil_verify_classperms
    - debian/patches/CVE-2021-36085.patch: alter destruction of
      classperms when resetting a perm by avoiding
      deleting the inner data in cil/src/cil_reset_ast.c
    - CVE-2021-36085
  * SECURITY UPDATE: use-after-free in cil_reset_classpermission
    - debian/patches/CVE-2021-36086.patch: prevent
      cil_reset_classperms_set from resetting classpermission by
      setting it to NULL in cil/src/cil_reset_ast.c
    - CVE-2021-36086
  * SECURITY UPDATE: heap-based buffer over-read in ebitmap_match_any
    - debian/patches/CVE-2021-36087.patch: check if a tunable
      declaration, in-statement, block, blockabstract, or macro definition
      is found within an optional in cil/src/cil_build_ast.c and
      cil/src/cil_resolve_ast.c
    - CVE-2021-36087

 -- David Fernandez Gonzalez <email address hidden>  Tue, 26 Apr 2022 12:52:52 +0200

Upload details

Uploaded by: David Fernandez Gonzalez
Uploaded to: Bionic
Original maintainer: Ubuntu Developers
Architectures: linux-any
Section: libs
Urgency: Medium Urgency

Publishing

Series Pocket Published Component Section
Bionic updates main misc
Bionic security main misc

Downloads

File Size SHA-256 Checksum
libsepol_2.7.orig.tar.gz 460.1 KiB d69d3bd8ec901a3bd5adf2be2fb47fb1a685ed73066ab482e7e505371a48f9e7
libsepol_2.7-1ubuntu0.1.debian.tar.xz 16.3 KiB 2ea3d0c1d35f7b599b2eb56358b97b2e055a657484e5a7458102d2cc37d8e570
libsepol_2.7-1ubuntu0.1.dsc 2.1 KiB e63a92d32989d45aecaad7d53860422ac913f2d87f063b1b27caa7be5bae9a5e

Binary packages built by this source

libsepol1: SELinux library for manipulating binary security policies

 Security-enhanced Linux is a patch of the Linux kernel and a number
 of utilities with enhanced security functionality designed to add
 mandatory access controls to Linux. The Security-enhanced Linux
 kernel contains new architectural components originally developed to
 improve the security of the Flask operating system. These
 architectural components provide general support for the enforcement
 of many kinds of mandatory access control policies, including those
 based on the concepts of Type Enforcement®, Role-based Access
 Control, and Multi-level Security.
 .
 libsepol provides an API for the manipulation of SELinux binary policies.
 It is used by checkpolicy (the policy compiler) and similar tools, as well
 as by programs like load_policy that need to perform specific transformations
 on binary policies such as customizing policy boolean settings.

libsepol1-dbgsym: debug symbols for libsepol1
libsepol1-dev: SELinux binary policy manipulation library and development files

 libsepol allows programs to easily modify SELinux binary policies. This
 means changing the default values for booleans, or reading the policy for
 analysis.
 .
 This package contains the headers and archives used for linking it into your
 programs.

sepol-utils: Security Enhanced Linux policy utility programs

 This package provides a utility for a Security-enhanced
 Linux system to rewrite existing mandatory access control policy with
 different boolean setting, generating a new policy. Security-enhanced
 Linux is a patch of the Linux kernel and a number of utilities with
 enhanced security functionality designed to add mandatory access
 controls to Linux. This package provides utility programs to get and
 set process and file security contexts and to obtain security policy
 decisions.

sepol-utils-dbgsym: debug symbols for sepol-utils