- Issued:
- 2020-11-30
- Updated:
- 2020-11-30
RHBA-2020:5243 - fapolicyd bug fix update
Synopsis
fapolicyd bug fix update
Type/Severity
Bug Fix Advisory None
Topic
An update for fapolicyd is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Description
The fapolicyd software framework introduces a form of application whitelisting and blacklisting based on a user-defined policy. The application whitelisting feature provides one of the most efficient ways to prevent running untrusted and possibly malicious applications on the system.
Bug Fix:
- When an update replaces the binary of a running application, the kernel modifies the application binary path in memory by appending the " (deleted)" suffix. Previously, the fapolicyd file access policy daemon treated such applications as untrusted, and prevented them from opening and executing any other files. As a consequence, the system was sometimes unable to boot after applying updates.
With this update, fapolicyd ignores the suffix in the binary path so the binary can match the trust database. As a result, fapolicyd enforces the rules correctly and the update process can finish.
(BZ#1897091)
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 8.2 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 8.2 | x86_64 |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 8.2 | ppc64le |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 8.2 | s390x |
| Red Hat Enterprise Linux for ARM 64 - Extended Update Support | 8.2 | aarch64 |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 8.2 | ppc64le |
| Red Hat Enterprise Linux Server - TUS | 8.2 | x86_64 |
| Red Hat Enterprise Linux Server - AUS | 8.2 | x86_64 |
Updated Packages
- fapolicyd-debuginfo-0.9.1-4.el8_2.3.aarch64.rpm
- fapolicyd-0.9.1-4.el8_2.3.ppc64le.rpm
- fapolicyd-0.9.1-4.el8_2.3.s390x.rpm
- fapolicyd-debugsource-0.9.1-4.el8_2.3.s390x.rpm
- fapolicyd-debuginfo-0.9.1-4.el8_2.3.x86_64.rpm
- fapolicyd-0.9.1-4.el8_2.3.src.rpm
- fapolicyd-debugsource-0.9.1-4.el8_2.3.aarch64.rpm
- fapolicyd-debugsource-0.9.1-4.el8_2.3.x86_64.rpm
- fapolicyd-0.9.1-4.el8_2.3.aarch64.rpm
- fapolicyd-debuginfo-0.9.1-4.el8_2.3.ppc64le.rpm
- fapolicyd-debugsource-0.9.1-4.el8_2.3.ppc64le.rpm
- fapolicyd-0.9.1-4.el8_2.3.x86_64.rpm
- fapolicyd-debuginfo-0.9.1-4.el8_2.3.s390x.rpm
Fixes
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.