- Issued:
- 2017-01-31
- Updated:
- 2017-01-31
RHBA-2017:0222 - Bug Fix Advisory
Synopsis
selinux-policy bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated selinux-policy packages that fix one bug are now available for Red Hat Enterprise Linux 7.2 Extended Update Support.
Description
The selinux-policy packages contain the rules that govern how confined processes run on the system.
This update fixes the following bug:
- Due to a missing SELinux rule, the krb5_child process failed to retrieve a ticket from the Key Distribution Center (KDC) proxy through HTTPS. This incorrect behavior prevented System Security Services Daemon (SSSD) from completing the authentication. The rule for allowing the sssd_t domain to access a TCP socket has been added and SELinux denials no longer occur during an SSSD authentication using KDCproxy. (BZ#1414308)
Users of selinux-policy are advised to upgrade to these updated packages, which fix this bug.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.2 x86_64
- Red Hat Enterprise Linux Server - AUS 7.2 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.2 s390x
- Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.2 ppc64
- Red Hat Enterprise Linux EUS Compute Node 7.2 x86_64
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.2 ppc64le
- Red Hat Enterprise Linux Server - TUS 7.2 x86_64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.2 x86_64
Fixes
- BZ - 1414308 - SELinux AVC deny when using KDCproxy (krb5_child sssd tcp)
CVEs
(none)
References
(none)
Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.2
SRPM | |
---|---|
selinux-policy-3.13.1-60.el7_2.11.src.rpm | SHA-256: 2bf6158c08f26e034ea110236d00aa65c494bf113c4ac2ca3a147a10bc36bc09 |
x86_64 | |
selinux-policy-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: cf2f9b212c2e4cd27b3046b57d5c11c124c910df3f4f637e95378037c0c70bfc |
selinux-policy-devel-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 829aec1d3be65a17596c9ae5c44e586f9e0ac39d14ee9164c3b29e570bcd8902 |
selinux-policy-doc-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 2fbb2bd6b57c08970d34ba08f76c8f9910bb88471bd134b3f9677f28c01e49d7 |
selinux-policy-minimum-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 95a6df1cb1a24ce7812e61fa4616dcb0796a1eb889826cc1dbb67fb6c0472734 |
selinux-policy-mls-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 506532fe60f6f49094b4127a121c5009f3676b00ff9faaa938128577ce2fed13 |
selinux-policy-sandbox-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: f9b345529d81006f2d76fcea967721889c8c83b202e58da387c02621237db5df |
selinux-policy-targeted-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 4e49eea74000daa93f0e183fd62cc24026e32ddf7389011b2eebe0fed8f02a1f |
Red Hat Enterprise Linux Server - AUS 7.2
SRPM | |
---|---|
selinux-policy-3.13.1-60.el7_2.11.src.rpm | SHA-256: 2bf6158c08f26e034ea110236d00aa65c494bf113c4ac2ca3a147a10bc36bc09 |
x86_64 | |
selinux-policy-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: cf2f9b212c2e4cd27b3046b57d5c11c124c910df3f4f637e95378037c0c70bfc |
selinux-policy-devel-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 829aec1d3be65a17596c9ae5c44e586f9e0ac39d14ee9164c3b29e570bcd8902 |
selinux-policy-doc-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 2fbb2bd6b57c08970d34ba08f76c8f9910bb88471bd134b3f9677f28c01e49d7 |
selinux-policy-minimum-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 95a6df1cb1a24ce7812e61fa4616dcb0796a1eb889826cc1dbb67fb6c0472734 |
selinux-policy-mls-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 506532fe60f6f49094b4127a121c5009f3676b00ff9faaa938128577ce2fed13 |
selinux-policy-sandbox-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: f9b345529d81006f2d76fcea967721889c8c83b202e58da387c02621237db5df |
selinux-policy-targeted-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 4e49eea74000daa93f0e183fd62cc24026e32ddf7389011b2eebe0fed8f02a1f |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.2
SRPM | |
---|---|
selinux-policy-3.13.1-60.el7_2.11.src.rpm | SHA-256: 2bf6158c08f26e034ea110236d00aa65c494bf113c4ac2ca3a147a10bc36bc09 |
s390x | |
selinux-policy-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: cf2f9b212c2e4cd27b3046b57d5c11c124c910df3f4f637e95378037c0c70bfc |
selinux-policy-devel-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 829aec1d3be65a17596c9ae5c44e586f9e0ac39d14ee9164c3b29e570bcd8902 |
selinux-policy-doc-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 2fbb2bd6b57c08970d34ba08f76c8f9910bb88471bd134b3f9677f28c01e49d7 |
selinux-policy-minimum-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 95a6df1cb1a24ce7812e61fa4616dcb0796a1eb889826cc1dbb67fb6c0472734 |
selinux-policy-mls-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 506532fe60f6f49094b4127a121c5009f3676b00ff9faaa938128577ce2fed13 |
selinux-policy-sandbox-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: f9b345529d81006f2d76fcea967721889c8c83b202e58da387c02621237db5df |
selinux-policy-targeted-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 4e49eea74000daa93f0e183fd62cc24026e32ddf7389011b2eebe0fed8f02a1f |
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.2
SRPM | |
---|---|
selinux-policy-3.13.1-60.el7_2.11.src.rpm | SHA-256: 2bf6158c08f26e034ea110236d00aa65c494bf113c4ac2ca3a147a10bc36bc09 |
ppc64 | |
selinux-policy-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: cf2f9b212c2e4cd27b3046b57d5c11c124c910df3f4f637e95378037c0c70bfc |
selinux-policy-devel-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 829aec1d3be65a17596c9ae5c44e586f9e0ac39d14ee9164c3b29e570bcd8902 |
selinux-policy-doc-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 2fbb2bd6b57c08970d34ba08f76c8f9910bb88471bd134b3f9677f28c01e49d7 |
selinux-policy-minimum-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 95a6df1cb1a24ce7812e61fa4616dcb0796a1eb889826cc1dbb67fb6c0472734 |
selinux-policy-mls-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 506532fe60f6f49094b4127a121c5009f3676b00ff9faaa938128577ce2fed13 |
selinux-policy-sandbox-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: f9b345529d81006f2d76fcea967721889c8c83b202e58da387c02621237db5df |
selinux-policy-targeted-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 4e49eea74000daa93f0e183fd62cc24026e32ddf7389011b2eebe0fed8f02a1f |
Red Hat Enterprise Linux EUS Compute Node 7.2
SRPM | |
---|---|
selinux-policy-3.13.1-60.el7_2.11.src.rpm | SHA-256: 2bf6158c08f26e034ea110236d00aa65c494bf113c4ac2ca3a147a10bc36bc09 |
x86_64 | |
selinux-policy-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: cf2f9b212c2e4cd27b3046b57d5c11c124c910df3f4f637e95378037c0c70bfc |
selinux-policy-devel-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 829aec1d3be65a17596c9ae5c44e586f9e0ac39d14ee9164c3b29e570bcd8902 |
selinux-policy-doc-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 2fbb2bd6b57c08970d34ba08f76c8f9910bb88471bd134b3f9677f28c01e49d7 |
selinux-policy-minimum-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 95a6df1cb1a24ce7812e61fa4616dcb0796a1eb889826cc1dbb67fb6c0472734 |
selinux-policy-mls-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 506532fe60f6f49094b4127a121c5009f3676b00ff9faaa938128577ce2fed13 |
selinux-policy-sandbox-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: f9b345529d81006f2d76fcea967721889c8c83b202e58da387c02621237db5df |
selinux-policy-targeted-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 4e49eea74000daa93f0e183fd62cc24026e32ddf7389011b2eebe0fed8f02a1f |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.2
SRPM | |
---|---|
selinux-policy-3.13.1-60.el7_2.11.src.rpm | SHA-256: 2bf6158c08f26e034ea110236d00aa65c494bf113c4ac2ca3a147a10bc36bc09 |
ppc64le | |
selinux-policy-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: cf2f9b212c2e4cd27b3046b57d5c11c124c910df3f4f637e95378037c0c70bfc |
selinux-policy-devel-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 829aec1d3be65a17596c9ae5c44e586f9e0ac39d14ee9164c3b29e570bcd8902 |
selinux-policy-doc-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 2fbb2bd6b57c08970d34ba08f76c8f9910bb88471bd134b3f9677f28c01e49d7 |
selinux-policy-minimum-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 95a6df1cb1a24ce7812e61fa4616dcb0796a1eb889826cc1dbb67fb6c0472734 |
selinux-policy-mls-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 506532fe60f6f49094b4127a121c5009f3676b00ff9faaa938128577ce2fed13 |
selinux-policy-sandbox-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: f9b345529d81006f2d76fcea967721889c8c83b202e58da387c02621237db5df |
selinux-policy-targeted-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 4e49eea74000daa93f0e183fd62cc24026e32ddf7389011b2eebe0fed8f02a1f |
Red Hat Enterprise Linux Server - TUS 7.2
SRPM | |
---|---|
selinux-policy-3.13.1-60.el7_2.11.src.rpm | SHA-256: 2bf6158c08f26e034ea110236d00aa65c494bf113c4ac2ca3a147a10bc36bc09 |
x86_64 | |
selinux-policy-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: cf2f9b212c2e4cd27b3046b57d5c11c124c910df3f4f637e95378037c0c70bfc |
selinux-policy-devel-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 829aec1d3be65a17596c9ae5c44e586f9e0ac39d14ee9164c3b29e570bcd8902 |
selinux-policy-doc-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 2fbb2bd6b57c08970d34ba08f76c8f9910bb88471bd134b3f9677f28c01e49d7 |
selinux-policy-minimum-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 95a6df1cb1a24ce7812e61fa4616dcb0796a1eb889826cc1dbb67fb6c0472734 |
selinux-policy-mls-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 506532fe60f6f49094b4127a121c5009f3676b00ff9faaa938128577ce2fed13 |
selinux-policy-sandbox-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: f9b345529d81006f2d76fcea967721889c8c83b202e58da387c02621237db5df |
selinux-policy-targeted-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 4e49eea74000daa93f0e183fd62cc24026e32ddf7389011b2eebe0fed8f02a1f |
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.2
SRPM | |
---|---|
selinux-policy-3.13.1-60.el7_2.11.src.rpm | SHA-256: 2bf6158c08f26e034ea110236d00aa65c494bf113c4ac2ca3a147a10bc36bc09 |
x86_64 | |
selinux-policy-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: cf2f9b212c2e4cd27b3046b57d5c11c124c910df3f4f637e95378037c0c70bfc |
selinux-policy-devel-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 829aec1d3be65a17596c9ae5c44e586f9e0ac39d14ee9164c3b29e570bcd8902 |
selinux-policy-doc-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 2fbb2bd6b57c08970d34ba08f76c8f9910bb88471bd134b3f9677f28c01e49d7 |
selinux-policy-minimum-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 95a6df1cb1a24ce7812e61fa4616dcb0796a1eb889826cc1dbb67fb6c0472734 |
selinux-policy-mls-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 506532fe60f6f49094b4127a121c5009f3676b00ff9faaa938128577ce2fed13 |
selinux-policy-sandbox-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: f9b345529d81006f2d76fcea967721889c8c83b202e58da387c02621237db5df |
selinux-policy-targeted-3.13.1-60.el7_2.11.noarch.rpm | SHA-256: 4e49eea74000daa93f0e183fd62cc24026e32ddf7389011b2eebe0fed8f02a1f |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.