Oracle Linux 8 : libsepol (ELSA-2021-4513)

low Nessus Plugin ID 155432

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4513 advisory.

[2.9-3]
- cil: Fix out-of-bound read of file context pattern ending with '\'
- cil: Destroy classperms list when resetting classpermission (#1983517)
- cil: Destroy classperm list when resetting map perms (#1983521)
- cil: cil_reset_classperms_set() should not reset classpermission (#1983525)
- cil: Set class field to NULL when resetting struct cil_classperms
- cil: More strict verification of constraint leaf expressions
- cil: Exit with an error if declaration name is a reserved word
- cil: Allow permission expressions when using map classes
- cil: Reorder checks for invalid rules when building AST
- cil: Cleanup build AST helper functions
- cil: Create new first child helper function for building AST
- cil: Remove unused field from struct cil_args_resolve
- cil: Destroy disabled optional blocks after pass is complete
- cil: Check if name is a macro parameter first
- cil: fix NULL pointer dereference in __cil_insert_name
- cil: Report disabling an optional block only at high verbose levels
- cil: Use AST to track blocks and optionals when resolving
- cil: Reorder checks for invalid rules when resolving AST
- cil: Sync checks for invalid rules in booleanifs
- cil: Check for statements not allowed in optional blocks (#1983530)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected libsepol, libsepol-devel and / or libsepol-static packages.

See Also

https://linux.oracle.com/errata/ELSA-2021-4513.html

Plugin Details

Severity: Low

ID: 155432

File Name: oraclelinux_ELSA-2021-4513.nasl

Version: 1.4

Type: local

Agent: unix

Published: 11/17/2021

Updated: 10/22/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-36087

CVSS v3

Risk Factor: Low

Base Score: 3.3

Temporal Score: 3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:libsepol-static, p-cpe:/a:oracle:linux:libsepol, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:libsepol-devel

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/16/2021

Vulnerability Publication Date: 7/1/2021

Reference Information

CVE: CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087