Security update for policycoreutils
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2017:0338-1
Final
1
1
2017-01-31T12:04:24Z
current
2017-01-31T12:04:24Z
2017-01-31T12:04:24Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for policycoreutils
This update for policycoreutils fixes the following issues:
* CVE-2016-7545: nonpriv session can escape to parent [bsc#1000998]
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-RPI-12-SP2-2017-172,SUSE-SLE-SERVER-12-SP2-2017-172
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2017/suse-su-20170338-1/
Link for SUSE-SU-2017:0338-1
https://lists.suse.com/pipermail/sle-security-updates/2017-January/002610.html
E-Mail link for SUSE-SU-2017:0338-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1000998
SUSE Bug 1000998
https://www.suse.com/security/cve/CVE-2016-7545/
SUSE CVE CVE-2016-7545 page
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
policycoreutils-2.5-6.1
policycoreutils-python-2.5-6.1
policycoreutils-2.5-6.1 as a component of SUSE Linux Enterprise Server 12 SP2
policycoreutils-python-2.5-6.1 as a component of SUSE Linux Enterprise Server 12 SP2
policycoreutils-2.5-6.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
policycoreutils-python-2.5-6.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
policycoreutils-2.5-6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
policycoreutils-python-2.5-6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
CVE-2016-7545
SUSE Linux Enterprise Server 12 SP2:policycoreutils-2.5-6.1
SUSE Linux Enterprise Server 12 SP2:policycoreutils-python-2.5-6.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:policycoreutils-2.5-6.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:policycoreutils-python-2.5-6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:policycoreutils-2.5-6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:policycoreutils-python-2.5-6.1
low
6.6
AV:L/AC:M/Au:S/C:C/I:C/A:C
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2017/suse-su-20170338-1/
https://www.suse.com/security/cve/CVE-2016-7545.html
CVE-2016-7545
https://bugzilla.suse.com/1000998
SUSE Bug 1000998
https://bugzilla.suse.com/968375
SUSE Bug 968375
https://bugzilla.suse.com/968674
SUSE Bug 968674