Oval Definition: oval:com.redhat.rhsa:def:20150729
Revision Date: 2015-03-26
Version: 640
Title: RHSA-2015:0729: setroubleshoot security update (Important)
Description: The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache (AVC) messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution.

  • It was found that setroubleshoot did not sanitize file names supplied in a shell command look-up for RPMs associated with access violation reports. An attacker could use this flaw to escalate their privileges on the system by supplying a specially crafted file to the underlying shell command. (CVE-2015-1815)

    Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue.

    All setroubleshoot users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2015-1815, RHSA-2015:0729, RHSA-2015:0729-00, RHSA-2015:0729-01
    Platform(s): Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • setroubleshoot is earlier than 0:2.0.5-7.el5_11
  • AND setroubleshoot is signed with Red Hat redhatrelease2 key
  • setroubleshoot-server is earlier than 0:2.0.5-7.el5_11
  • AND setroubleshoot-server is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • setroubleshoot is earlier than 0:3.0.47-6.el6_6.1
  • AND setroubleshoot is signed with Red Hat redhatrelease2 key
  • setroubleshoot-doc is earlier than 0:3.0.47-6.el6_6.1
  • AND setroubleshoot-doc is signed with Red Hat redhatrelease2 key
  • setroubleshoot-server is earlier than 0:3.0.47-6.el6_6.1
  • AND setroubleshoot-server is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • setroubleshoot is earlier than 0:3.2.17-4.1.el7_1
  • AND setroubleshoot is signed with Red Hat redhatrelease2 key
  • setroubleshoot-server is earlier than 0:3.2.17-4.1.el7_1
  • AND setroubleshoot-server is signed with Red Hat redhatrelease2 key
  • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • setroubleshoot is earlier than 0:2.0.5-7.el5_11
  • AND setroubleshoot is signed with Red Hat redhatrelease key
  • setroubleshoot-server is earlier than 0:2.0.5-7.el5_11
  • AND setroubleshoot-server is signed with Red Hat redhatrelease key
  • OR Package Information
  • Red Hat Enterprise Linux 6 Client is installed
  • OR Red Hat Enterprise Linux 6 Server is installed
  • OR Red Hat Enterprise Linux 6 Workstation is installed
  • OR Red Hat Enterprise Linux 6 ComputeNode is installed
  • AND
  • setroubleshoot is earlier than 0:3.0.47-6.el6_6.1
  • AND setroubleshoot is signed with Red Hat redhatrelease2 key
  • setroubleshoot-doc is earlier than 0:3.0.47-6.el6_6.1
  • AND setroubleshoot-doc is signed with Red Hat redhatrelease2 key
  • setroubleshoot-server is earlier than 0:3.0.47-6.el6_6.1
  • AND setroubleshoot-server is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 7 Client is installed
  • OR Red Hat Enterprise Linux 7 Server is installed
  • OR Red Hat Enterprise Linux 7 Workstation is installed
  • OR Red Hat Enterprise Linux 7 ComputeNode is installed
  • AND
  • setroubleshoot is earlier than 0:3.2.17-4.1.el7_1
  • AND setroubleshoot is signed with Red Hat redhatrelease2 key
  • setroubleshoot-server is earlier than 0:3.2.17-4.1.el7_1
  • AND setroubleshoot-server is signed with Red Hat redhatrelease2 key