Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2022-2022-170

Related Vulnerabilities: CVE-2021-36084   CVE-2021-36085   CVE-2021-36086   CVE-2021-36087  

The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). (CVE-2021-36084) The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). (CVE-2021-36085) The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). (CVE-2021-36086) The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block. (CVE-2021-36087)

Source

ALAS2022-2022-170

Amazon Linux 2022 Security Advisory: ALAS-2022-170
Advisory Release Date: 2022-11-01 21:23 Pacific
Advisory Updated Date: 2022-11-03 21:02 Pacific
Severity: Medium
Issue Overview:

The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). (CVE-2021-36084)

The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). (CVE-2021-36085)

The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). (CVE-2021-36086)

The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block. (CVE-2021-36087)


Affected Packages:

libsepol


Issue Correction:
Run dnf update libsepol --releasever=2022.0.20221102 to update your system.

New Packages:
aarch64:
    libsepol-debuginfo-3.3-2.amzn2022.0.1.aarch64
    libsepol-static-3.3-2.amzn2022.0.1.aarch64
    libsepol-3.3-2.amzn2022.0.1.aarch64
    libsepol-devel-3.3-2.amzn2022.0.1.aarch64
    libsepol-debugsource-3.3-2.amzn2022.0.1.aarch64

i686:
    libsepol-static-3.3-2.amzn2022.0.1.i686
    libsepol-debuginfo-3.3-2.amzn2022.0.1.i686
    libsepol-3.3-2.amzn2022.0.1.i686
    libsepol-debugsource-3.3-2.amzn2022.0.1.i686
    libsepol-devel-3.3-2.amzn2022.0.1.i686

src:
    libsepol-3.3-2.amzn2022.0.1.src

x86_64:
    libsepol-debuginfo-3.3-2.amzn2022.0.1.x86_64
    libsepol-devel-3.3-2.amzn2022.0.1.x86_64
    libsepol-static-3.3-2.amzn2022.0.1.x86_64
    libsepol-3.3-2.amzn2022.0.1.x86_64
    libsepol-debugsource-3.3-2.amzn2022.0.1.x86_64

Additional References

Red Hat: CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087

Mitre: CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started