Issued:: 2012-06-20
Updated:: 2012-06-20

RHBA-2012:0969 - policycoreutils bug fix update

Synopsis

policycoreutils bug fix update

Type/Severity

Bug Fix Advisory (none)

Topic

Updated policycoreutils packages that fix several bugs are now available for Red Hat Enterprise Linux 6.

Description

The policycoreutils packages contain the core utilities that are required for the basic operation of a Security-Enhanced Linux (SELinux) system and its policies.

These updated policycoreutils packages provide fixes for the following bugs:

The semanage utility did not produce correct audit messages in the Common Criteria certified environment. This update modifies semanage so that it now sends correct audit events when the user is assigned to or removed from a new role.

This update also modifies behavior of semanage concerning the user's SELinux Multi-Level Security (MLS) and Multi-Category Security (MCS) range. The utility now works with the user's default range of the MLS/MCS security level instead of the lowest.

In addition, the semanage(8) manual page has been corrected to reflect the current semanage functionality. (BZ#784595)

Prior to this update, the ppc and ppc64 versions of the policycoreutils package conflicted with each other when installed on the same system. This update fixes this bug; ppc and ppc64 versions of the package can now be installed simultaneously. (BZ#751313)
The missing exit(1) function call in the underlying code of the sepolgen-ifgen utility could cause the restorecond daemon to access already freed memory when retrieving user's information. This would cause restorecond to terminate unexpectedly with a segmentation fault. With this update, restorecond has been modified to check the return value of the getpwuid() function to avoid this situation. (BZ#684015)
When installing packages on the system in Federal Information Processing Standard (FIPS) mode, parsing errors could occur and installation failed. This was caused by the "/usr/lib64/python2.7/site-packages/sepolgen/yacc.py" parser, which used MD5 checksums that are not supported in FIPS mode. This update modifies the parser to use SHA-256 checksums and installation process is now successful. (BZ#786191)
Due to a pam_namespace issue which caused a leak of mount points to the parent namespace, polyinstantiated directories could be seen by users other than the owner of that directory. With this update, the mount points no longer leak to the parent namespace, and users can only see directories they own. (BZ#786664)
When a user or a program ran the "semanage fcontext" command, a traceback error was returned. This was due to a typographical error in the source code of the semanage command. This updates fixes this error, and executing the semanage fcontext command works as expected. (BZ#806736, BZ#807011)

All users of policycoreutils are advised to upgrade to these updated packages, which fix these bugs.

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

Affected Products

Product	Version	Arch
Red Hat Enterprise Linux for Scientific Computing	6	x86_64
Red Hat Enterprise Linux for Power, big endian	6	ppc64
Red Hat Enterprise Linux for IBM z Systems	6	s390x
Red Hat Enterprise Linux Workstation	6	x86_64
Red Hat Enterprise Linux Workstation	6	i386
Red Hat Enterprise Linux Server	6	x86_64
Red Hat Enterprise Linux Server	6	i386
Red Hat Enterprise Linux Server from RHUI	6	x86_64
Red Hat Enterprise Linux Server from RHUI	6	i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support	6	x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support	6	i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension	6	x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension	6	i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems)	6	s390x
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems)	6	s390x
Red Hat Enterprise Linux Desktop	6	x86_64
Red Hat Enterprise Linux Desktop	6	i386

Updated Packages

policycoreutils-gui-2.0.83-19.24.el6.i686.rpm
policycoreutils-python-2.0.83-19.24.el6.x86_64.rpm
policycoreutils-2.0.83-19.24.el6.i686.rpm
policycoreutils-sandbox-2.0.83-19.24.el6.i686.rpm
policycoreutils-2.0.83-19.24.el6.ppc64.rpm
policycoreutils-python-2.0.83-19.24.el6.ppc64.rpm
policycoreutils-sandbox-2.0.83-19.24.el6.ppc64.rpm
policycoreutils-gui-2.0.83-19.24.el6.s390x.rpm
policycoreutils-2.0.83-19.24.el6.x86_64.rpm
policycoreutils-debuginfo-2.0.83-19.24.el6.x86_64.rpm
policycoreutils-newrole-2.0.83-19.24.el6.s390x.rpm
policycoreutils-debuginfo-2.0.83-19.24.el6.s390x.rpm
policycoreutils-sandbox-2.0.83-19.24.el6.s390x.rpm
policycoreutils-debuginfo-2.0.83-19.24.el6.i686.rpm
policycoreutils-2.0.83-19.24.el6.s390x.rpm
policycoreutils-2.0.83-19.24.el6.src.rpm
policycoreutils-python-2.0.83-19.24.el6.s390x.rpm
policycoreutils-newrole-2.0.83-19.24.el6.x86_64.rpm
policycoreutils-newrole-2.0.83-19.24.el6.ppc64.rpm
policycoreutils-sandbox-2.0.83-19.24.el6.x86_64.rpm
policycoreutils-newrole-2.0.83-19.24.el6.i686.rpm
policycoreutils-debuginfo-2.0.83-19.24.el6.ppc64.rpm
policycoreutils-python-2.0.83-19.24.el6.i686.rpm
policycoreutils-gui-2.0.83-19.24.el6.ppc64.rpm
policycoreutils-gui-2.0.83-19.24.el6.x86_64.rpm

Fixes

CVEs

(none)

References

(none)

Additional information

The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.