Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-5391-1

Ubuntu Security Notice 5391-1 - Nicolas Iooss discovered that libsepol incorrectly handled memory when handling policies. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that libsepol incorrectly handled memory when handling policies. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code.

Packet Storm
Open in Source
#vulnerability#ubuntu#linux#dos
==========================================================================Ubuntu Security Notice USN-5391-1April 27, 2022libsepol vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 21.10- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS- Ubuntu 16.04 ESMSummary:Several security issues were fixed in libsepol.Software Description:- libsepol: SELinux library for manipulating binary security policiesDetails:Nicolas Iooss discovered that libsepol incorrectly handled memorywhen handling policies. An attacker could possibly use this issueto cause a crash, resulting in a denial of service, or possiblyexecute arbitrary code. (CVE-2021-36084)It was discovered that libsepol incorrectly handled memory whenhandling policies. An attacker could possibly use this issue to causea crash, resulting in a denial of service, or possibly executearbitrary code. (CVE-2021-36085)It was discovered that libsepol incorrectly handled memory whenhandling policies. An attacker could possibly use this issue to causea crash, resulting in a denial of service, or possibly executearbitrary code. This issue only affects Ubuntu 18.04 LTS,Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-36086)It was discovered that libsepol incorrectly validated certain data,leading to a heap overflow. An attacker could possibly use this issueto cause a crash, resulting in a denial of service, or possibly executearbitrary code. (CVE-2021-36087)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 21.10:   libsepol1                       3.1-1ubuntu2.1   sepol-utils                     3.1-1ubuntu2.1Ubuntu 20.04 LTS:   libsepol1                       3.0-1ubuntu0.1   sepol-utils                     3.0-1ubuntu0.1Ubuntu 18.04 LTS:   libsepol1                       2.7-1ubuntu0.1   sepol-utils                     2.7-1ubuntu0.1Ubuntu 16.04 ESM:   libsepol1                       2.4-2ubuntu0.1~esm1   sepol-utils                     2.4-2ubuntu0.1~esm1In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-5391-1   CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087Package Information:   https://launchpad.net/ubuntu/+source/libsepol/3.1-1ubuntu2.1   https://launchpad.net/ubuntu/+source/libsepol/3.0-1ubuntu0.1   https://launchpad.net/ubuntu/+source/libsepol/2.7-1ubuntu0.1

Packet Storm: Latest News

Grav CMS 1.7.44 Server-Side Template Injection
Packet Storm