Skip to navigation

Bug Fix Advisory policycoreutils bug fix update

Advisory: RHBA-2012:0969-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2012-06-20
Last updated on: 2012-06-20
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

Details

Updated policycoreutils packages that fix several bugs are now available for Red
Hat Enterprise Linux 6.

The policycoreutils packages contain the core utilities that are required for
the basic operation of a Security-Enhanced Linux (SELinux) system and its
policies.

These updated policycoreutils packages provide fixes for the following bugs:

* The semanage utility did not produce correct audit messages in the Common
Criteria certified environment. This update modifies semanage so that it now
sends correct audit events when the user is assigned to or removed from a new
role.

This update also modifies behavior of semanage concerning the user's SELinux
Multi-Level Security (MLS) and Multi-Category Security (MCS) range. The utility
now works with the user's default range of the MLS/MCS security level instead of
the lowest.

In addition, the semanage(8) manual page has been corrected to reflect the
current semanage functionality. (BZ#784595)

* Prior to this update, the ppc and ppc64 versions of the policycoreutils
package conflicted with each other when installed on the same system. This
update fixes this bug; ppc and ppc64 versions of the package can now be
installed simultaneously. (BZ#751313)

* The missing exit(1) function call in the underlying code of the sepolgen-ifgen
utility could cause the restorecond daemon to access already freed memory when
retrieving user's information. This would cause restorecond to terminate
unexpectedly with a segmentation fault. With this update, restorecond has been
modified to check the return value of the getpwuid() function to avoid this
situation. (BZ#684015)

* When installing packages on the system in Federal Information Processing
Standard (FIPS) mode, parsing errors could occur and installation failed. This
was caused by the "/usr/lib64/python2.7/site-packages/sepolgen/yacc.py" parser,
which used MD5 checksums that are not supported in FIPS mode. This update
modifies the parser to use SHA-256 checksums and installation process is now
successful. (BZ#786191)

* Due to a pam_namespace issue which caused a leak of mount points to the parent
namespace, polyinstantiated directories could be seen by users other than the
owner of that directory. With this update, the mount points no longer leak to
the parent namespace, and users can only see directories they own. (BZ#786664)

* When a user or a program ran the "semanage fcontext" command, a traceback
error was returned. This was due to a typographical error in the source code of
the semanage command. This updates fixes this error, and executing the semanage
fcontext command works as expected. (BZ#806736, BZ#807011)

All users of policycoreutils are advised to upgrade to these updated packages,
which fix these bugs.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
policycoreutils-2.0.83-19.24.el6.src.rpm
File outdated by:  RHBA-2013:1608
    MD5: 90488e62615fdceeb4692b5236836776
SHA-256: cc87d66ce40d57c636a3de12b27eb1cb0fee17035d040f25265fa23baa983a7f
 
IA-32:
policycoreutils-2.0.83-19.24.el6.i686.rpm
File outdated by:  RHBA-2013:1608
    MD5: 3424ed68d4a77eb33130d2da41003bbf
SHA-256: 2723f259681a02fd112ffa25110a56a4851119a28a65bdf1371fed9b4df05948
policycoreutils-debuginfo-2.0.83-19.24.el6.i686.rpm
File outdated by:  RHBA-2013:1608
    MD5: 07c0cd9846e17145b1a8e641dadc0785
SHA-256: 2491a2a4c0df6dec5e0d02bf624895e25e116a3b2f71e392d21eefc2a2031d84
policycoreutils-gui-2.0.83-19.24.el6.i686.rpm
File outdated by:  RHBA-2013:1608
    MD5: 6822e681e6a94a521257015cf57a68cd
SHA-256: b4cd8ab12a0d0a7d9eccec0ce8c694de19aef2f6f537ea8a8544f9d86d3d0533
policycoreutils-newrole-2.0.83-19.24.el6.i686.rpm
File outdated by:  RHBA-2013:1608
    MD5: 62537eea0cc83f3aeeb1ebc70d3d05e7
SHA-256: 5f7b578e66b5c0f9827350378695a6a0806bedf6f75ea80c035a55625567cdde
policycoreutils-python-2.0.83-19.24.el6.i686.rpm
File outdated by:  RHBA-2013:1608
    MD5: 8a9528e50c8b359314f0ad3829d07f07
SHA-256: d4143657fe781a77f3d54dd78dc7cd7e4788be8e929c4d6b2d3b78ba8a7bd67f
policycoreutils-sandbox-2.0.83-19.24.el6.i686.rpm
File outdated by:  RHBA-2013:1608
    MD5: cef1e13def0b945986a5b162423122d5
SHA-256: 834b649069492aed21b8e5083eb111b95c93e8b59eee73f79324285c4d4b4101
 
x86_64:
policycoreutils-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 62139ebc4a15485f514e91225131ee86
SHA-256: 5bf86da19db6eddcba0cd94d5918b36ffb003b8c95ee4b5dcdb6e248a387c937
policycoreutils-debuginfo-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 5ba088c5336faab37aeeee5a3c0f893c
SHA-256: 33d93c472d5441d4ef06bd23cad47b99e7bbad96ee49980d7a9938bd038a8029
policycoreutils-gui-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: efe50d36a3c82ca3f90af47c57786547
SHA-256: 01a5ba4816a7899b69ee2a120dbc3cbc51d0656b92446f693eaab87841f9d0c5
policycoreutils-newrole-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 89e7140faea0d01ddc3ecc115b7484b5
SHA-256: e46e05c54aaefb07c88c0b1411619c96b7b312f66af21d78a817f0016018ad50
policycoreutils-python-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 035aae4752bf4affec6e5284c5919fbb
SHA-256: 8dca3392e8a5578752748e2b14d13a4c84e51b81a962c2c0972ff1549299d812
policycoreutils-sandbox-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 66207cab1d921bfbcdfdbb6767ee69fe
SHA-256: a7de1c92c6a6f7cb65a70e3ef1ed7f175bd3ca1aa57bc46247c247cc16f95d54
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
policycoreutils-2.0.83-19.24.el6.src.rpm
File outdated by:  RHBA-2013:1608
    MD5: 90488e62615fdceeb4692b5236836776
SHA-256: cc87d66ce40d57c636a3de12b27eb1cb0fee17035d040f25265fa23baa983a7f
 
x86_64:
policycoreutils-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 62139ebc4a15485f514e91225131ee86
SHA-256: 5bf86da19db6eddcba0cd94d5918b36ffb003b8c95ee4b5dcdb6e248a387c937
policycoreutils-debuginfo-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 5ba088c5336faab37aeeee5a3c0f893c
SHA-256: 33d93c472d5441d4ef06bd23cad47b99e7bbad96ee49980d7a9938bd038a8029
policycoreutils-gui-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: efe50d36a3c82ca3f90af47c57786547
SHA-256: 01a5ba4816a7899b69ee2a120dbc3cbc51d0656b92446f693eaab87841f9d0c5
policycoreutils-newrole-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 89e7140faea0d01ddc3ecc115b7484b5
SHA-256: e46e05c54aaefb07c88c0b1411619c96b7b312f66af21d78a817f0016018ad50
policycoreutils-python-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 035aae4752bf4affec6e5284c5919fbb
SHA-256: 8dca3392e8a5578752748e2b14d13a4c84e51b81a962c2c0972ff1549299d812
policycoreutils-sandbox-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 66207cab1d921bfbcdfdbb6767ee69fe
SHA-256: a7de1c92c6a6f7cb65a70e3ef1ed7f175bd3ca1aa57bc46247c247cc16f95d54
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
policycoreutils-2.0.83-19.24.el6.src.rpm
File outdated by:  RHBA-2013:1608
    MD5: 90488e62615fdceeb4692b5236836776
SHA-256: cc87d66ce40d57c636a3de12b27eb1cb0fee17035d040f25265fa23baa983a7f
 
IA-32:
policycoreutils-2.0.83-19.24.el6.i686.rpm
File outdated by:  RHBA-2013:1608
    MD5: 3424ed68d4a77eb33130d2da41003bbf
SHA-256: 2723f259681a02fd112ffa25110a56a4851119a28a65bdf1371fed9b4df05948
policycoreutils-debuginfo-2.0.83-19.24.el6.i686.rpm
File outdated by:  RHBA-2013:1608
    MD5: 07c0cd9846e17145b1a8e641dadc0785
SHA-256: 2491a2a4c0df6dec5e0d02bf624895e25e116a3b2f71e392d21eefc2a2031d84
policycoreutils-gui-2.0.83-19.24.el6.i686.rpm
File outdated by:  RHBA-2013:1608
    MD5: 6822e681e6a94a521257015cf57a68cd
SHA-256: b4cd8ab12a0d0a7d9eccec0ce8c694de19aef2f6f537ea8a8544f9d86d3d0533
policycoreutils-newrole-2.0.83-19.24.el6.i686.rpm
File outdated by:  RHBA-2013:1608
    MD5: 62537eea0cc83f3aeeb1ebc70d3d05e7
SHA-256: 5f7b578e66b5c0f9827350378695a6a0806bedf6f75ea80c035a55625567cdde
policycoreutils-python-2.0.83-19.24.el6.i686.rpm
File outdated by:  RHBA-2013:1608
    MD5: 8a9528e50c8b359314f0ad3829d07f07
SHA-256: d4143657fe781a77f3d54dd78dc7cd7e4788be8e929c4d6b2d3b78ba8a7bd67f
policycoreutils-sandbox-2.0.83-19.24.el6.i686.rpm
File outdated by:  RHBA-2013:1608
    MD5: cef1e13def0b945986a5b162423122d5
SHA-256: 834b649069492aed21b8e5083eb111b95c93e8b59eee73f79324285c4d4b4101
 
PPC:
policycoreutils-2.0.83-19.24.el6.ppc64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 95971af3e7bd8e03a99158556652555a
SHA-256: 78e96d0ca45a80a2f15610b7429f94dc12332d393d66e3bc90ab4d868de42731
policycoreutils-debuginfo-2.0.83-19.24.el6.ppc64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 485674b8d5e584b279b96f24757f4582
SHA-256: cf5b2e976de08178a91ec787e76fc2caff93083167b92f014ac20f785ce57c61
policycoreutils-gui-2.0.83-19.24.el6.ppc64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 27fbaa164fe4e406e4bee35d9eac0cf8
SHA-256: ddae5444932563152e6b146805013707d855037e0a4156a1a594d8ee5adf6f78
policycoreutils-newrole-2.0.83-19.24.el6.ppc64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 615ce7607ab58796681fb38f71a2eff9
SHA-256: 751d5eefa38b7a56442f0384705581a38e9168a6787cb1d12ddf4efc3b7b7a9e
policycoreutils-python-2.0.83-19.24.el6.ppc64.rpm
File outdated by:  RHBA-2013:1608
    MD5: edc713978fbaafaf623bb81d41fb2648
SHA-256: 243854209f7529b1729ad62e489d894c917c0858d4536178070d794351be9504
policycoreutils-sandbox-2.0.83-19.24.el6.ppc64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 1df894daff0bce254a698a387e4e61f2
SHA-256: 8045865c03c85360db86ac3635fcaa6d8c0ca63b346d06f3a8433533137ebe31
 
s390x:
policycoreutils-2.0.83-19.24.el6.s390x.rpm
File outdated by:  RHBA-2013:1608
    MD5: c41030891d2cfd9454507fb2cc40d9e0
SHA-256: cefb3282ccd654389f44a8192748d19b18559e4c393418c42c465afb0f7a3277
policycoreutils-debuginfo-2.0.83-19.24.el6.s390x.rpm
File outdated by:  RHBA-2013:1608
    MD5: 4f1b84efefe3751d49c913f8662ac5f6
SHA-256: 081aeb05a8b74b53b0e75f714c1cf0562222bb3f277fafadfa77bffd862c0f45
policycoreutils-gui-2.0.83-19.24.el6.s390x.rpm
File outdated by:  RHBA-2013:1608
    MD5: ff57f28d275bcc5a064206b15ff84168
SHA-256: b27603e2a4d4ba2b1ba9ad0a1ab19e9c8c0223a6e8b82eb4992f3addec942900
policycoreutils-newrole-2.0.83-19.24.el6.s390x.rpm
File outdated by:  RHBA-2013:1608
    MD5: 91a80390ae78a72ae393b93eb1fd93c3
SHA-256: e1e565e6224c94302fc3836dd9fb9ce9eee8318e1228d2aa2e5edea2200e8ffe
policycoreutils-python-2.0.83-19.24.el6.s390x.rpm
File outdated by:  RHBA-2013:1608
    MD5: 829e6d2ebda9b81a9b911473db6e9c54
SHA-256: 74c43da0bbfed487cd5566dd747fa3e97186fe86ceb4a0ca709ab87b2a755c4a
policycoreutils-sandbox-2.0.83-19.24.el6.s390x.rpm
File outdated by:  RHBA-2013:1608
    MD5: 5bd8523edf8739de28b9a54841e203ad
SHA-256: 70d36b2bd7820f68554f10f3b2e6ba2bc23f8c64e64c53b21cb5991d0a433ad9
 
x86_64:
policycoreutils-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 62139ebc4a15485f514e91225131ee86
SHA-256: 5bf86da19db6eddcba0cd94d5918b36ffb003b8c95ee4b5dcdb6e248a387c937
policycoreutils-debuginfo-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 5ba088c5336faab37aeeee5a3c0f893c
SHA-256: 33d93c472d5441d4ef06bd23cad47b99e7bbad96ee49980d7a9938bd038a8029
policycoreutils-gui-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: efe50d36a3c82ca3f90af47c57786547
SHA-256: 01a5ba4816a7899b69ee2a120dbc3cbc51d0656b92446f693eaab87841f9d0c5
policycoreutils-newrole-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 89e7140faea0d01ddc3ecc115b7484b5
SHA-256: e46e05c54aaefb07c88c0b1411619c96b7b312f66af21d78a817f0016018ad50
policycoreutils-python-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 035aae4752bf4affec6e5284c5919fbb
SHA-256: 8dca3392e8a5578752748e2b14d13a4c84e51b81a962c2c0972ff1549299d812
policycoreutils-sandbox-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 66207cab1d921bfbcdfdbb6767ee69fe
SHA-256: a7de1c92c6a6f7cb65a70e3ef1ed7f175bd3ca1aa57bc46247c247cc16f95d54
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
policycoreutils-2.0.83-19.24.el6.src.rpm
File outdated by:  RHBA-2013:1608
    MD5: 90488e62615fdceeb4692b5236836776
SHA-256: cc87d66ce40d57c636a3de12b27eb1cb0fee17035d040f25265fa23baa983a7f
 
IA-32:
policycoreutils-2.0.83-19.24.el6.i686.rpm
File outdated by:  RHBA-2013:1608
    MD5: 3424ed68d4a77eb33130d2da41003bbf
SHA-256: 2723f259681a02fd112ffa25110a56a4851119a28a65bdf1371fed9b4df05948
policycoreutils-debuginfo-2.0.83-19.24.el6.i686.rpm
File outdated by:  RHBA-2013:1608
    MD5: 07c0cd9846e17145b1a8e641dadc0785
SHA-256: 2491a2a4c0df6dec5e0d02bf624895e25e116a3b2f71e392d21eefc2a2031d84
policycoreutils-gui-2.0.83-19.24.el6.i686.rpm
File outdated by:  RHBA-2013:1608
    MD5: 6822e681e6a94a521257015cf57a68cd
SHA-256: b4cd8ab12a0d0a7d9eccec0ce8c694de19aef2f6f537ea8a8544f9d86d3d0533
policycoreutils-newrole-2.0.83-19.24.el6.i686.rpm
File outdated by:  RHBA-2013:1608
    MD5: 62537eea0cc83f3aeeb1ebc70d3d05e7
SHA-256: 5f7b578e66b5c0f9827350378695a6a0806bedf6f75ea80c035a55625567cdde
policycoreutils-python-2.0.83-19.24.el6.i686.rpm
File outdated by:  RHBA-2013:1608
    MD5: 8a9528e50c8b359314f0ad3829d07f07
SHA-256: d4143657fe781a77f3d54dd78dc7cd7e4788be8e929c4d6b2d3b78ba8a7bd67f
policycoreutils-sandbox-2.0.83-19.24.el6.i686.rpm
File outdated by:  RHBA-2013:1608
    MD5: cef1e13def0b945986a5b162423122d5
SHA-256: 834b649069492aed21b8e5083eb111b95c93e8b59eee73f79324285c4d4b4101
 
x86_64:
policycoreutils-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 62139ebc4a15485f514e91225131ee86
SHA-256: 5bf86da19db6eddcba0cd94d5918b36ffb003b8c95ee4b5dcdb6e248a387c937
policycoreutils-debuginfo-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 5ba088c5336faab37aeeee5a3c0f893c
SHA-256: 33d93c472d5441d4ef06bd23cad47b99e7bbad96ee49980d7a9938bd038a8029
policycoreutils-gui-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: efe50d36a3c82ca3f90af47c57786547
SHA-256: 01a5ba4816a7899b69ee2a120dbc3cbc51d0656b92446f693eaab87841f9d0c5
policycoreutils-newrole-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 89e7140faea0d01ddc3ecc115b7484b5
SHA-256: e46e05c54aaefb07c88c0b1411619c96b7b312f66af21d78a817f0016018ad50
policycoreutils-python-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 035aae4752bf4affec6e5284c5919fbb
SHA-256: 8dca3392e8a5578752748e2b14d13a4c84e51b81a962c2c0972ff1549299d812
policycoreutils-sandbox-2.0.83-19.24.el6.x86_64.rpm
File outdated by:  RHBA-2013:1608
    MD5: 66207cab1d921bfbcdfdbb6767ee69fe
SHA-256: a7de1c92c6a6f7cb65a70e3ef1ed7f175bd3ca1aa57bc46247c247cc16f95d54
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

684015 - unchecked return value of getpwuid() in policycoreutils-rhat.patch
784595 - semanage is sending the wrong kind of audit events
786191 - selinux-policy update shows error parsing file obj_perm_sets.spt in FIPS mode



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/