- Issued:
- 2007-11-15
- Updated:
- 2007-11-15
RHBA-2007:0741 - Bug Fix Advisory
Synopsis
selinux-policy bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated selinux-policy packages that fix various bugs are now available.
Description
The selinux-policy packages contain the rules that govern how confined
processes will run on the system.
This updated version of selinux-policy addresses the following issues:
- moving a file from a local file system to a ClearCase file system using
the "mv" command failed if SELinux was enabled. The "mv" command tries to
preserve SELinux context data. These updated packages add an SELinux policy
to support the ClearCase multi-version file system, which resolves this
issue.
- if the System Databases and Name Service Switch configuration file --
/etc/nsswitch.conf -- contained "service: files nis", the winbindd daemon
would be denied access to NIS if SELinux Policy was set to "Enforced". This
behavior has been fixed in these updated packages.
- unless specified in the php configuration file, php.ini, httpd uses /tmp
as the default upload directory. Previous selinux-policy packages prevented
httpd access to /tmp. This has been resolved in these updated packages.
- the httpd process now has read and write access to /var/cache/mod_proxy.
- enabling Simple Network Management Protocol (SNMP) in squid would result
in "avc: denied" error messages in syslog. The squid related SELinux policy
has been updated allowing squid to interact with SNMP.
All SELinux users should upgrade to these updated packages, which resolve
these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
Fixes
- BZ - 193579 - selinux does not allow uploading to apache default tmp dir.
- BZ - 229017 - snmp-enabled squid throws avc denied
- BZ - 232476 - allow httpd write access to /var/cache/mod_proxy/*
- BZ - 233625 - SELinux prevents winbindd to access NIS and stops.
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 4
SRPM | |
---|---|
selinux-policy-targeted-1.17.30-2.149.src.rpm | SHA-256: 3092a10b53b0524c03dd96c04a9ca5d6825e115df5b094d8ee7f663877afa438 |
x86_64 | |
selinux-policy-targeted-1.17.30-2.149.noarch.rpm | SHA-256: df63d27d8675d17c3b4f3f524d2582b46b895c0277ed3bd5e3fae35e77452110 |
selinux-policy-targeted-1.17.30-2.149.noarch.rpm | SHA-256: df63d27d8675d17c3b4f3f524d2582b46b895c0277ed3bd5e3fae35e77452110 |
selinux-policy-targeted-sources-1.17.30-2.149.noarch.rpm | SHA-256: e23b31db2bff86aa40a96c946529f6ab58d424ff781ed4512093b6762dd68caf |
selinux-policy-targeted-sources-1.17.30-2.149.noarch.rpm | SHA-256: e23b31db2bff86aa40a96c946529f6ab58d424ff781ed4512093b6762dd68caf |
ia64 | |
selinux-policy-targeted-1.17.30-2.149.noarch.rpm | SHA-256: df63d27d8675d17c3b4f3f524d2582b46b895c0277ed3bd5e3fae35e77452110 |
selinux-policy-targeted-1.17.30-2.149.noarch.rpm | SHA-256: df63d27d8675d17c3b4f3f524d2582b46b895c0277ed3bd5e3fae35e77452110 |
selinux-policy-targeted-sources-1.17.30-2.149.noarch.rpm | SHA-256: e23b31db2bff86aa40a96c946529f6ab58d424ff781ed4512093b6762dd68caf |
selinux-policy-targeted-sources-1.17.30-2.149.noarch.rpm | SHA-256: e23b31db2bff86aa40a96c946529f6ab58d424ff781ed4512093b6762dd68caf |
i386 | |
selinux-policy-targeted-1.17.30-2.149.noarch.rpm | SHA-256: df63d27d8675d17c3b4f3f524d2582b46b895c0277ed3bd5e3fae35e77452110 |
selinux-policy-targeted-1.17.30-2.149.noarch.rpm | SHA-256: df63d27d8675d17c3b4f3f524d2582b46b895c0277ed3bd5e3fae35e77452110 |
selinux-policy-targeted-sources-1.17.30-2.149.noarch.rpm | SHA-256: e23b31db2bff86aa40a96c946529f6ab58d424ff781ed4512093b6762dd68caf |
selinux-policy-targeted-sources-1.17.30-2.149.noarch.rpm | SHA-256: e23b31db2bff86aa40a96c946529f6ab58d424ff781ed4512093b6762dd68caf |
Red Hat Enterprise Linux Workstation 4
SRPM | |
---|---|
selinux-policy-targeted-1.17.30-2.149.src.rpm | SHA-256: 3092a10b53b0524c03dd96c04a9ca5d6825e115df5b094d8ee7f663877afa438 |
x86_64 | |
selinux-policy-targeted-1.17.30-2.149.noarch.rpm | SHA-256: df63d27d8675d17c3b4f3f524d2582b46b895c0277ed3bd5e3fae35e77452110 |
selinux-policy-targeted-sources-1.17.30-2.149.noarch.rpm | SHA-256: e23b31db2bff86aa40a96c946529f6ab58d424ff781ed4512093b6762dd68caf |
ia64 | |
selinux-policy-targeted-1.17.30-2.149.noarch.rpm | SHA-256: df63d27d8675d17c3b4f3f524d2582b46b895c0277ed3bd5e3fae35e77452110 |
selinux-policy-targeted-sources-1.17.30-2.149.noarch.rpm | SHA-256: e23b31db2bff86aa40a96c946529f6ab58d424ff781ed4512093b6762dd68caf |
i386 | |
selinux-policy-targeted-1.17.30-2.149.noarch.rpm | SHA-256: df63d27d8675d17c3b4f3f524d2582b46b895c0277ed3bd5e3fae35e77452110 |
selinux-policy-targeted-sources-1.17.30-2.149.noarch.rpm | SHA-256: e23b31db2bff86aa40a96c946529f6ab58d424ff781ed4512093b6762dd68caf |
Red Hat Enterprise Linux Desktop 4
SRPM | |
---|---|
selinux-policy-targeted-1.17.30-2.149.src.rpm | SHA-256: 3092a10b53b0524c03dd96c04a9ca5d6825e115df5b094d8ee7f663877afa438 |
x86_64 | |
selinux-policy-targeted-1.17.30-2.149.noarch.rpm | SHA-256: df63d27d8675d17c3b4f3f524d2582b46b895c0277ed3bd5e3fae35e77452110 |
selinux-policy-targeted-sources-1.17.30-2.149.noarch.rpm | SHA-256: e23b31db2bff86aa40a96c946529f6ab58d424ff781ed4512093b6762dd68caf |
i386 | |
selinux-policy-targeted-1.17.30-2.149.noarch.rpm | SHA-256: df63d27d8675d17c3b4f3f524d2582b46b895c0277ed3bd5e3fae35e77452110 |
selinux-policy-targeted-sources-1.17.30-2.149.noarch.rpm | SHA-256: e23b31db2bff86aa40a96c946529f6ab58d424ff781ed4512093b6762dd68caf |
Red Hat Enterprise Linux for IBM z Systems 4
SRPM | |
---|---|
selinux-policy-targeted-1.17.30-2.149.src.rpm | SHA-256: 3092a10b53b0524c03dd96c04a9ca5d6825e115df5b094d8ee7f663877afa438 |
s390x | |
selinux-policy-targeted-1.17.30-2.149.noarch.rpm | SHA-256: df63d27d8675d17c3b4f3f524d2582b46b895c0277ed3bd5e3fae35e77452110 |
selinux-policy-targeted-sources-1.17.30-2.149.noarch.rpm | SHA-256: e23b31db2bff86aa40a96c946529f6ab58d424ff781ed4512093b6762dd68caf |
s390 | |
selinux-policy-targeted-1.17.30-2.149.noarch.rpm | SHA-256: df63d27d8675d17c3b4f3f524d2582b46b895c0277ed3bd5e3fae35e77452110 |
selinux-policy-targeted-sources-1.17.30-2.149.noarch.rpm | SHA-256: e23b31db2bff86aa40a96c946529f6ab58d424ff781ed4512093b6762dd68caf |
Red Hat Enterprise Linux for Power, big endian 4
SRPM | |
---|---|
selinux-policy-targeted-1.17.30-2.149.src.rpm | SHA-256: 3092a10b53b0524c03dd96c04a9ca5d6825e115df5b094d8ee7f663877afa438 |
ppc | |
selinux-policy-targeted-1.17.30-2.149.noarch.rpm | SHA-256: df63d27d8675d17c3b4f3f524d2582b46b895c0277ed3bd5e3fae35e77452110 |
selinux-policy-targeted-sources-1.17.30-2.149.noarch.rpm | SHA-256: e23b31db2bff86aa40a96c946529f6ab58d424ff781ed4512093b6762dd68caf |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.