Design/Logic Flaw

setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by 1 triggering an SELinux denial with a crafted file name, which is handled by the settpath function in auditdata.py or via a crafted 2 localid or 3 analysisid field in a crafted...

CVE-2016-4445

The fixlookupid function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function...

CVE-2016-4445

CVE-2016-4445 affects setroubleshoot: the fix_lookup_id function in sealert before 3.2.23 allows local users to run arbitrary commands as root by triggering an SELinux denial with a crafted filename, using commands.getstatusoutput. Affected: setroubleshoot prior to 3.2.23. Mitigation: upgrade to ...

Scientific Linux Security Update : setroubleshoot and setroubleshoot-plugins on SL6.x i386/x86_64 (20160621)

The setroubleshoot-plugins package provides a set of analysis plugins for use with setroubleshoot. Each plugin has the capacity to analyze SELinux AVC data and system data to provide user friendly reports describing how to interpret SELinux AVC denials. Security Fixes : - Shell command injection...

RedHat Update for setroubleshoot and setroubleshoot-plugins RHSA-2016:1267-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 6 : setroubleshoot / and / setroubleshoot-plugins (ELSA-2016-1267)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-1267 advisory. - Don't use command.getoutput Resolves: CVE-2016-4445 setroubleshoot-plugins Tenable has extracted the preceding description block directly from the...

CentOS 6 : setroubleshoot / setroubleshoot-plugins (CESA-2016:1267)

An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CentOS Update for setroubleshoot CESA-2016:1267 centos6

Check the version of setroubleshoot SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882509";...

RHEL 6 : setroubleshoot and setroubleshoot-plugins (RHSA-2016:1267)

An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: Red Hat Security Advisory: setroubleshoot and setroubleshoot-plugins security update

An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

setroubleshoot and setroubleshoot-plugins security update

setroubleshoot 3.0.47-12.0.1 - Add setroubleshoot-oracle-enterprise.patch to change bug reporting URL to linux.oracle.com 3.0.47-12 - Don't use command.getoutput Resolves: CVE-2016-4445 setroubleshoot-plugins 3.0.40-3.1.0.1 - Add setroubleshoot-plugins-oracle-enterprise.patch 3.0.40-3.1 - Don't u...