- Issued:
- 2012-02-20
- Updated:
- 2012-02-20
RHBA-2012:0158 - Bug Fix Advisory
Synopsis
selinux-policy bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated selinux-policy packages that fix a number of bugs and add various
enhancements are now available for Red Hat Enterprise Linux 5.
Description
The selinux-policy packages contain the rules that govern how confined processes
run in the system.
These updated selinux-policy packages include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this advisory.
Users are directed to the Red Hat Enterprise Linux 5.8 Technical Notes for
information on the most significant of these changes:
All users of SELinux are advised to upgrade to these updated packages, which
provide numerous bug fixes and enhancements.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 693149 - wpa_cli fails to connect to running wpa_supplicant due to selinux
- BZ - 709370 - enforcing MLS: mcelog AVC appears
- BZ - 715285 - avc: denied { sys_tty_config } for ... comm="sa1" ... scontext=root:system_r:sysstat_t:s0 tcontext=root:system_r:sysstat_t:s0 ...
- BZ - 716927 - enforcing MLS: avahi-browse blocked by SELinux
- BZ - 716956 - MLS avc: denied { getattr } for ... comm="crond" path="/etc/krb5.conf" ... scontext=system_u:system_r:crond_t:s0-s15:c0.c1023 tcontext=system_u:object_r:krb5_conf_t:s0 tclass=file
- BZ - 717152 - enforcing MLS: smartd is blocked by SELinux
- BZ - 718219 - RFE: let postfix use dkim-milter
- BZ - 719732 - [RHEL5.7][SELinux] avc: denied { sys_module } for pid=3008 comm="irqbalance"
- BZ - 720462 - Zarafa needs a SELinux treatment to work (currently works only in the permissive mode)
- BZ - 721041 - smbd scanning /boot when responding to quota check request
- BZ - 722536 - selinux policy does not permit rsyslog(-mysql) to access the mysql database
- BZ - 722579 - SELinux prevents ricci from installing RPMs.
- BZ - 724941 - [RFE] subscription-manager does not have it's own policy
- BZ - 728957 - User managed fetchmail forbidden after selinux upgrade
- BZ - 730294 - selinux preventing procmail to execute hostname command
- BZ - 730962 - When using pam authentication in squid, AVC denial about netlink_audit_socket
- BZ - 732732 - swat can't write to logs
- BZ - 741670 - sh (dhcpc_t) is attempting to "execute" to ./iptables (iptables_exec_t)
- BZ - 745139 - selinux policy restricts rsyslog clients from connecting to port 6514
- BZ - 745175 - selinux prevents rsyslogd to access /usr/share/snmp/mibs/.index
- BZ - 746351 - SELinux prevents ricci from starting/stopping & enabling/disabling services.
- BZ - 752487 - Finger cannot connect to ldap server
- BZ - 756066 - Failing cvs login causes avc denial on /var/run/utmp
- BZ - 759499 - ntpd produces an AVC when started from firstboot GUI
- BZ - 761485 - [SeLinux] selinux stop iscsi login in via bnx2i
- BZ - 781477 - SELinux is preventing openvpn (openvpn_t) "sys_nice" to <Unknown> (openvpn_t)
- BZ - 784307 - setroubleshootd needs to be allowed to execute rpm
CVEs
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
selinux-policy-2.4.6-327.el5.src.rpm | SHA-256: 4b0aebee2481a83d71d27b6deb877325f9f04d5654c55d7a4bf06bbfa67341b5 |
x86_64 | |
selinux-policy-2.4.6-327.el5.noarch.rpm | SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2 |
selinux-policy-devel-2.4.6-327.el5.noarch.rpm | SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2 |
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm | SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718 |
selinux-policy-mls-2.4.6-327.el5.noarch.rpm | SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa |
selinux-policy-strict-2.4.6-327.el5.noarch.rpm | SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0 |
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm | SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8 |
ia64 | |
selinux-policy-2.4.6-327.el5.noarch.rpm | SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2 |
selinux-policy-devel-2.4.6-327.el5.noarch.rpm | SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2 |
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm | SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718 |
selinux-policy-mls-2.4.6-327.el5.noarch.rpm | SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa |
selinux-policy-strict-2.4.6-327.el5.noarch.rpm | SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0 |
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm | SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8 |
i386 | |
selinux-policy-2.4.6-327.el5.noarch.rpm | SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2 |
selinux-policy-devel-2.4.6-327.el5.noarch.rpm | SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2 |
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm | SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718 |
selinux-policy-mls-2.4.6-327.el5.noarch.rpm | SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa |
selinux-policy-strict-2.4.6-327.el5.noarch.rpm | SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0 |
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm | SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8 |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
selinux-policy-2.4.6-327.el5.src.rpm | SHA-256: 4b0aebee2481a83d71d27b6deb877325f9f04d5654c55d7a4bf06bbfa67341b5 |
x86_64 | |
selinux-policy-2.4.6-327.el5.noarch.rpm | SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2 |
selinux-policy-devel-2.4.6-327.el5.noarch.rpm | SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2 |
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm | SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718 |
selinux-policy-mls-2.4.6-327.el5.noarch.rpm | SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa |
selinux-policy-strict-2.4.6-327.el5.noarch.rpm | SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0 |
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm | SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8 |
i386 | |
selinux-policy-2.4.6-327.el5.noarch.rpm | SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2 |
selinux-policy-devel-2.4.6-327.el5.noarch.rpm | SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2 |
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm | SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718 |
selinux-policy-mls-2.4.6-327.el5.noarch.rpm | SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa |
selinux-policy-strict-2.4.6-327.el5.noarch.rpm | SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0 |
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm | SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8 |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
selinux-policy-2.4.6-327.el5.src.rpm | SHA-256: 4b0aebee2481a83d71d27b6deb877325f9f04d5654c55d7a4bf06bbfa67341b5 |
x86_64 | |
selinux-policy-2.4.6-327.el5.noarch.rpm | SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2 |
selinux-policy-devel-2.4.6-327.el5.noarch.rpm | SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2 |
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm | SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718 |
selinux-policy-mls-2.4.6-327.el5.noarch.rpm | SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa |
selinux-policy-strict-2.4.6-327.el5.noarch.rpm | SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0 |
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm | SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8 |
i386 | |
selinux-policy-2.4.6-327.el5.noarch.rpm | SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2 |
selinux-policy-devel-2.4.6-327.el5.noarch.rpm | SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2 |
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm | SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718 |
selinux-policy-mls-2.4.6-327.el5.noarch.rpm | SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa |
selinux-policy-strict-2.4.6-327.el5.noarch.rpm | SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0 |
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm | SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8 |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
selinux-policy-2.4.6-327.el5.src.rpm | SHA-256: 4b0aebee2481a83d71d27b6deb877325f9f04d5654c55d7a4bf06bbfa67341b5 |
s390x | |
selinux-policy-2.4.6-327.el5.noarch.rpm | SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2 |
selinux-policy-devel-2.4.6-327.el5.noarch.rpm | SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2 |
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm | SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718 |
selinux-policy-mls-2.4.6-327.el5.noarch.rpm | SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa |
selinux-policy-strict-2.4.6-327.el5.noarch.rpm | SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0 |
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm | SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8 |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
selinux-policy-2.4.6-327.el5.src.rpm | SHA-256: 4b0aebee2481a83d71d27b6deb877325f9f04d5654c55d7a4bf06bbfa67341b5 |
ppc | |
selinux-policy-2.4.6-327.el5.noarch.rpm | SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2 |
selinux-policy-devel-2.4.6-327.el5.noarch.rpm | SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2 |
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm | SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718 |
selinux-policy-mls-2.4.6-327.el5.noarch.rpm | SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa |
selinux-policy-strict-2.4.6-327.el5.noarch.rpm | SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0 |
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm | SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8 |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
selinux-policy-2.4.6-327.el5.src.rpm | SHA-256: 4b0aebee2481a83d71d27b6deb877325f9f04d5654c55d7a4bf06bbfa67341b5 |
x86_64 | |
selinux-policy-2.4.6-327.el5.noarch.rpm | SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2 |
selinux-policy-devel-2.4.6-327.el5.noarch.rpm | SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2 |
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm | SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718 |
selinux-policy-mls-2.4.6-327.el5.noarch.rpm | SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa |
selinux-policy-strict-2.4.6-327.el5.noarch.rpm | SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0 |
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm | SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8 |
i386 | |
selinux-policy-2.4.6-327.el5.noarch.rpm | SHA-256: 9f8446230e2d2f1f713c080a5477741872a5eafce95e8a62a72345d8f0592bf2 |
selinux-policy-devel-2.4.6-327.el5.noarch.rpm | SHA-256: 2b6fc86d1dc0fa38cb085ff47212f46b0813dac021c0ab541812154858b407d2 |
selinux-policy-minimum-2.4.6-327.el5.noarch.rpm | SHA-256: 949814b503049accdb042eed925b7bfce759d054ffec6231666156ec3b1f7718 |
selinux-policy-mls-2.4.6-327.el5.noarch.rpm | SHA-256: 8fe72f3888ffe0267411f716c570d184e9c090520d07efa6652ca9b3ea08c6aa |
selinux-policy-strict-2.4.6-327.el5.noarch.rpm | SHA-256: 664d94a3704665cecedf936f2242d2b21eda1175ef669f7abaedf22bcaf962c0 |
selinux-policy-targeted-2.4.6-327.el5.noarch.rpm | SHA-256: 32b343d6aa10c9080dfd45502b69426f38afd6bdb0eb6bf6d86be6b548963aa8 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.