CVE-2016-4989

setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by 1 triggering an SELinux denial with a crafted file name, which is handled by the settpath function in auditdata.py or via a crafted 2 localid or 3 analysisid field in a crafted...

CVE-2016-4989

CVE-2016-4989 affects setroubleshoot and setroubleshoot-plugins. Local users can bypass container protections and execute arbitrary commands by triggering an SELinux denial via a crafted file name (handled by _set_tpath in audit_data.py) or via crafted local_id/analysis_id fields in a crafted XML...

Scientific Linux Security Update : setroubleshoot and setroubleshoot-plugins on SL6.x i386/x86_64 (20160621)

The setroubleshoot-plugins package provides a set of analysis plugins for use with setroubleshoot. Each plugin has the capacity to analyze SELinux AVC data and system data to provide user friendly reports describing how to interpret SELinux AVC denials. Security Fixes : - Shell command injection...

RedHat Update for setroubleshoot and setroubleshoot-plugins RHSA-2016:1293-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS 7 : setroubleshoot / setroubleshoot-plugins (CESA-2016:1293)

An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RHEL 7 : setroubleshoot and setroubleshoot-plugins (RHSA-2016:1293)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1293 advisory. The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache AVC messages are returned, an alert ca...

RedHat Update for setroubleshoot and setroubleshoot-plugins RHSA-2016:1267-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS Update for setroubleshoot CESA-2016:1267 centos6

Check the version of setroubleshoot SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882509";...

CentOS 6 : setroubleshoot / setroubleshoot-plugins (CESA-2016:1267)

An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Oracle Linux 6 : setroubleshoot / and / setroubleshoot-plugins (ELSA-2016-1267)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-1267 advisory. - Don't use command.getoutput Resolves: CVE-2016-4445 setroubleshoot-plugins Tenable has extracted the preceding description block directly from the...

RHEL 6 : setroubleshoot and setroubleshoot-plugins (RHSA-2016:1267)

An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: Red Hat Security Advisory: setroubleshoot and setroubleshoot-plugins security update

An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVE-2016-4989

Shell command injection flaws were found in the way the setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use these flaws to execute arbitrary code with root privileges...