Skip to navigation

Bug Fix Advisory libsepol enhancement update

Advisory: RHBA-2011:1689-2
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2011-12-06
Last updated on: 2011-12-06
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

Details

Enhanced libsepol packages are now available for Red Hat Enterprise Linux 6.

The libsepol library provides an API for the manipulation of SELinux binary
policies. It is used by checkpolicy (the policy compiler) and similar tools, as
well as by programs like load_policy that need to perform specific
transformations on binary policies (for example, customizing policy boolean
settings).

This update adds the following enhancement:

* Previously, the libsepol packages were compiled without the RELRO (read-only
relocations) flag. As a consequence, programs provided by this package and also
programs built against the libsepol libraries were vulnerable to various attacks
based on overwriting the ELF section of a program. To increase the security of
libsepol programs and libraries, the libsepol spec file has been modified to use
the "-Wl,-z,relro" flags when compiling the packages. As a result, the libsepol
packages are now provided with partial RELRO protection. (BZ#727285)

Users of libsepol are advised to upgrade to these updated packages, which add
this enhancement.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)
SRPMS:
libsepol-2.0.41-4.el6.src.rpm     MD5: 014a87a2368a21c0a901332b75602630
SHA-256: 90a0a7bc660166d87827a3bf3507f9e982a08143aa3907c99962874d3d157fcb
 
IA-32:
libsepol-2.0.41-4.el6.i686.rpm     MD5: 0886317a27928b6ccce372352081910e
SHA-256: 47c7ac85ed51520b553e2eaaa008bee74cfce0230a5e3b87fac93a95969a68ce
libsepol-debuginfo-2.0.41-4.el6.i686.rpm     MD5: b61c178e6b0724f3fa1a204eacec0276
SHA-256: dd1b7d142256ff2dd798def2577c129ef7029ec5b514dd3c52acbe48c69a5082
libsepol-devel-2.0.41-4.el6.i686.rpm     MD5: 921a211d7268d204cea8084a40899f99
SHA-256: f255b7de0d15d39eed49a29d819c714dfefcec53d450662d583d6104b9487f08
libsepol-static-2.0.41-4.el6.i686.rpm     MD5: 1e74661c06af40554a6a02ffafed5c66
SHA-256: c4ed626a127f1f02a285f87cb77bbe69ef11c9ecba38ac76670a9674ebc9e8bd
 
x86_64:
libsepol-2.0.41-4.el6.i686.rpm     MD5: 0886317a27928b6ccce372352081910e
SHA-256: 47c7ac85ed51520b553e2eaaa008bee74cfce0230a5e3b87fac93a95969a68ce
libsepol-2.0.41-4.el6.x86_64.rpm     MD5: 15ca1ba35451082e97382878cb3494fe
SHA-256: f0a4813f6db27ebf71c338901a88d5e1046f2a90f1e5770f62b60f664ee1309a
libsepol-debuginfo-2.0.41-4.el6.i686.rpm     MD5: b61c178e6b0724f3fa1a204eacec0276
SHA-256: dd1b7d142256ff2dd798def2577c129ef7029ec5b514dd3c52acbe48c69a5082
libsepol-debuginfo-2.0.41-4.el6.x86_64.rpm     MD5: 4e500087a81bd6937db9a7b3d67a616c
SHA-256: 0cd10bcfe5f219f09d8517c49ff594b7bc95d546fb5f54985fadaae8f5e8f898
libsepol-devel-2.0.41-4.el6.i686.rpm     MD5: 921a211d7268d204cea8084a40899f99
SHA-256: f255b7de0d15d39eed49a29d819c714dfefcec53d450662d583d6104b9487f08
libsepol-devel-2.0.41-4.el6.x86_64.rpm     MD5: a8de1e0f2ecb0b627eef35a1b79d5d45
SHA-256: d79d6449a4f55633ad1afca8d4c169097dcbccb898bdabb6662069bf7e792a1d
libsepol-static-2.0.41-4.el6.x86_64.rpm     MD5: 2bf2aef3bed3ee850cb33e10178394d3
SHA-256: d884cc02595ea4314c651a3398de0e2eb903748c9f9955b2ce74627605130ae9
 
Red Hat Enterprise Linux HPC Node (v. 6)
SRPMS:
libsepol-2.0.41-4.el6.src.rpm     MD5: 014a87a2368a21c0a901332b75602630
SHA-256: 90a0a7bc660166d87827a3bf3507f9e982a08143aa3907c99962874d3d157fcb
 
x86_64:
libsepol-2.0.41-4.el6.i686.rpm     MD5: 0886317a27928b6ccce372352081910e
SHA-256: 47c7ac85ed51520b553e2eaaa008bee74cfce0230a5e3b87fac93a95969a68ce
libsepol-2.0.41-4.el6.x86_64.rpm     MD5: 15ca1ba35451082e97382878cb3494fe
SHA-256: f0a4813f6db27ebf71c338901a88d5e1046f2a90f1e5770f62b60f664ee1309a
libsepol-debuginfo-2.0.41-4.el6.i686.rpm     MD5: b61c178e6b0724f3fa1a204eacec0276
SHA-256: dd1b7d142256ff2dd798def2577c129ef7029ec5b514dd3c52acbe48c69a5082
libsepol-debuginfo-2.0.41-4.el6.x86_64.rpm     MD5: 4e500087a81bd6937db9a7b3d67a616c
SHA-256: 0cd10bcfe5f219f09d8517c49ff594b7bc95d546fb5f54985fadaae8f5e8f898
libsepol-devel-2.0.41-4.el6.i686.rpm     MD5: 921a211d7268d204cea8084a40899f99
SHA-256: f255b7de0d15d39eed49a29d819c714dfefcec53d450662d583d6104b9487f08
libsepol-devel-2.0.41-4.el6.x86_64.rpm     MD5: a8de1e0f2ecb0b627eef35a1b79d5d45
SHA-256: d79d6449a4f55633ad1afca8d4c169097dcbccb898bdabb6662069bf7e792a1d
libsepol-static-2.0.41-4.el6.x86_64.rpm     MD5: 2bf2aef3bed3ee850cb33e10178394d3
SHA-256: d884cc02595ea4314c651a3398de0e2eb903748c9f9955b2ce74627605130ae9
 
Red Hat Enterprise Linux Server (v. 6)
SRPMS:
libsepol-2.0.41-4.el6.src.rpm     MD5: 014a87a2368a21c0a901332b75602630
SHA-256: 90a0a7bc660166d87827a3bf3507f9e982a08143aa3907c99962874d3d157fcb
 
IA-32:
libsepol-2.0.41-4.el6.i686.rpm     MD5: 0886317a27928b6ccce372352081910e
SHA-256: 47c7ac85ed51520b553e2eaaa008bee74cfce0230a5e3b87fac93a95969a68ce
libsepol-debuginfo-2.0.41-4.el6.i686.rpm     MD5: b61c178e6b0724f3fa1a204eacec0276
SHA-256: dd1b7d142256ff2dd798def2577c129ef7029ec5b514dd3c52acbe48c69a5082
libsepol-devel-2.0.41-4.el6.i686.rpm     MD5: 921a211d7268d204cea8084a40899f99
SHA-256: f255b7de0d15d39eed49a29d819c714dfefcec53d450662d583d6104b9487f08
libsepol-static-2.0.41-4.el6.i686.rpm     MD5: 1e74661c06af40554a6a02ffafed5c66
SHA-256: c4ed626a127f1f02a285f87cb77bbe69ef11c9ecba38ac76670a9674ebc9e8bd
 
PPC:
libsepol-2.0.41-4.el6.ppc.rpm     MD5: c0cdec85e069e7295314ab8df645b7dc
SHA-256: bb76eb14c8de5a5480a4933cfb49ccfc9676724eb6ded50798d6c5c341422cfc
libsepol-2.0.41-4.el6.ppc64.rpm     MD5: 187ba5c470777b7dd8fc4e703f75fcba
SHA-256: bcf280c72c09c81090cd95b186868dbfa4cab9aaf99dc838575a6b4fee34a331
libsepol-debuginfo-2.0.41-4.el6.ppc.rpm     MD5: 57652efcdcedcf25b78ace7399451a60
SHA-256: b314bd9378e05ef6c98b559e539617d7c416a86f67f96cd112416ee6379d48c0
libsepol-debuginfo-2.0.41-4.el6.ppc64.rpm     MD5: c355ee907d67078b0599bb23563aea9a
SHA-256: 983af79b5987d97a32f8d35e929267e35d98dfaf7bacb2009579b6c5328c8c70
libsepol-devel-2.0.41-4.el6.ppc.rpm     MD5: e599ab8d37f790df0368919edfe37153
SHA-256: 94bf794b4dd6c00bed53af3a335fda966654d832258f38025ef07e60add8ff9c
libsepol-devel-2.0.41-4.el6.ppc64.rpm     MD5: c6a9cc7635e9fd0b4cf8d9fc394da01d
SHA-256: 95bd466c540c4d1c5152474c6abd0b9a45e9fee622c56b111c86d70ab04b3b12
libsepol-static-2.0.41-4.el6.ppc64.rpm     MD5: 33644b583e34797a267e3a184edd3121
SHA-256: d31fa159fefbb2e4eb6ea0fdfda1a278c1aeb3d77d7da158b9e53b9396ef3335
 
s390x:
libsepol-2.0.41-4.el6.s390.rpm     MD5: 7b28608c7ef96c490c9ea29820b65a17
SHA-256: 4439c4c41d758a3abc67ed62eabc232d742d9ffa65091df56417263b27852e65
libsepol-2.0.41-4.el6.s390x.rpm     MD5: 5932b26c4ac2e09a3ae3741b174c38e1
SHA-256: 9791a8498205ad6fd4eefde186ba848e5b20517f5a9d82cccdb8c679e16ab109
libsepol-debuginfo-2.0.41-4.el6.s390.rpm     MD5: 487a267e2a7f971994c21f0804036bc9
SHA-256: dff648976ec420285c68bded56c8c42c3db0b0df8d06f885f9f079f4fb51ee09
libsepol-debuginfo-2.0.41-4.el6.s390x.rpm     MD5: 95162be72a4774e1c2f0475d2cb7f228
SHA-256: de1e6c0d585f2dcc17ec3fc96dbab87c9f54a2394abe78e55cad4a3616d2427e
libsepol-devel-2.0.41-4.el6.s390.rpm     MD5: 7caa503043cf71ecaac3a206948369b1
SHA-256: bf3b27cdc50cb1f18d414c813c8c26693f30d726f40d519fb6db70e9a751c9c8
libsepol-devel-2.0.41-4.el6.s390x.rpm     MD5: 8fe7d342286d67a94cf0b38f988f2e66
SHA-256: 63d26edcbffc089f69ae7c774112d772e1403e9c203492ce23b5fd5a981c6091
libsepol-static-2.0.41-4.el6.s390x.rpm     MD5: 8deb220ed58d3678ad65d8383b613d42
SHA-256: 9b03d3f3b794455193eec1cbe194c0ea3940ca43a35d81ac9f7a3d2c56d43c0f
 
x86_64:
libsepol-2.0.41-4.el6.i686.rpm     MD5: 0886317a27928b6ccce372352081910e
SHA-256: 47c7ac85ed51520b553e2eaaa008bee74cfce0230a5e3b87fac93a95969a68ce
libsepol-2.0.41-4.el6.x86_64.rpm     MD5: 15ca1ba35451082e97382878cb3494fe
SHA-256: f0a4813f6db27ebf71c338901a88d5e1046f2a90f1e5770f62b60f664ee1309a
libsepol-debuginfo-2.0.41-4.el6.i686.rpm     MD5: b61c178e6b0724f3fa1a204eacec0276
SHA-256: dd1b7d142256ff2dd798def2577c129ef7029ec5b514dd3c52acbe48c69a5082
libsepol-debuginfo-2.0.41-4.el6.x86_64.rpm     MD5: 4e500087a81bd6937db9a7b3d67a616c
SHA-256: 0cd10bcfe5f219f09d8517c49ff594b7bc95d546fb5f54985fadaae8f5e8f898
libsepol-devel-2.0.41-4.el6.i686.rpm     MD5: 921a211d7268d204cea8084a40899f99
SHA-256: f255b7de0d15d39eed49a29d819c714dfefcec53d450662d583d6104b9487f08
libsepol-devel-2.0.41-4.el6.x86_64.rpm     MD5: a8de1e0f2ecb0b627eef35a1b79d5d45
SHA-256: d79d6449a4f55633ad1afca8d4c169097dcbccb898bdabb6662069bf7e792a1d
libsepol-static-2.0.41-4.el6.x86_64.rpm     MD5: 2bf2aef3bed3ee850cb33e10178394d3
SHA-256: d884cc02595ea4314c651a3398de0e2eb903748c9f9955b2ce74627605130ae9
 
Red Hat Enterprise Linux Workstation (v. 6)
SRPMS:
libsepol-2.0.41-4.el6.src.rpm     MD5: 014a87a2368a21c0a901332b75602630
SHA-256: 90a0a7bc660166d87827a3bf3507f9e982a08143aa3907c99962874d3d157fcb
 
IA-32:
libsepol-2.0.41-4.el6.i686.rpm     MD5: 0886317a27928b6ccce372352081910e
SHA-256: 47c7ac85ed51520b553e2eaaa008bee74cfce0230a5e3b87fac93a95969a68ce
libsepol-debuginfo-2.0.41-4.el6.i686.rpm     MD5: b61c178e6b0724f3fa1a204eacec0276
SHA-256: dd1b7d142256ff2dd798def2577c129ef7029ec5b514dd3c52acbe48c69a5082
libsepol-devel-2.0.41-4.el6.i686.rpm     MD5: 921a211d7268d204cea8084a40899f99
SHA-256: f255b7de0d15d39eed49a29d819c714dfefcec53d450662d583d6104b9487f08
libsepol-static-2.0.41-4.el6.i686.rpm     MD5: 1e74661c06af40554a6a02ffafed5c66
SHA-256: c4ed626a127f1f02a285f87cb77bbe69ef11c9ecba38ac76670a9674ebc9e8bd
 
x86_64:
libsepol-2.0.41-4.el6.i686.rpm     MD5: 0886317a27928b6ccce372352081910e
SHA-256: 47c7ac85ed51520b553e2eaaa008bee74cfce0230a5e3b87fac93a95969a68ce
libsepol-2.0.41-4.el6.x86_64.rpm     MD5: 15ca1ba35451082e97382878cb3494fe
SHA-256: f0a4813f6db27ebf71c338901a88d5e1046f2a90f1e5770f62b60f664ee1309a
libsepol-debuginfo-2.0.41-4.el6.i686.rpm     MD5: b61c178e6b0724f3fa1a204eacec0276
SHA-256: dd1b7d142256ff2dd798def2577c129ef7029ec5b514dd3c52acbe48c69a5082
libsepol-debuginfo-2.0.41-4.el6.x86_64.rpm     MD5: 4e500087a81bd6937db9a7b3d67a616c
SHA-256: 0cd10bcfe5f219f09d8517c49ff594b7bc95d546fb5f54985fadaae8f5e8f898
libsepol-devel-2.0.41-4.el6.i686.rpm     MD5: 921a211d7268d204cea8084a40899f99
SHA-256: f255b7de0d15d39eed49a29d819c714dfefcec53d450662d583d6104b9487f08
libsepol-devel-2.0.41-4.el6.x86_64.rpm     MD5: a8de1e0f2ecb0b627eef35a1b79d5d45
SHA-256: d79d6449a4f55633ad1afca8d4c169097dcbccb898bdabb6662069bf7e792a1d
libsepol-static-2.0.41-4.el6.x86_64.rpm     MD5: 2bf2aef3bed3ee850cb33e10178394d3
SHA-256: d884cc02595ea4314c651a3398de0e2eb903748c9f9955b2ce74627605130ae9
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

727285 - Request to recompile libraries with -Wl,-z,relro flags


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/