Vulmon
Amazon Linux 2022 Security Advisory: ALAS-2022-208
Advisory Release Date: 2022-11-04 22:30 Pacific
Advisory Updated Date: 2023-01-24 21:37 Pacific
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). (CVE-2021-36084)
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). (CVE-2021-36085)
The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). (CVE-2021-36086)
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block. (CVE-2021-36087)
Affected Packages:
libsepol
Issue Correction:
Run dnf update libsepol to update your system.
aarch64:
libsepol-static-3.4-3.amzn2022.0.2.aarch64
libsepol-3.4-3.amzn2022.0.2.aarch64
libsepol-utils-debuginfo-3.4-3.amzn2022.0.2.aarch64
libsepol-utils-3.4-3.amzn2022.0.2.aarch64
libsepol-devel-3.4-3.amzn2022.0.2.aarch64
libsepol-debuginfo-3.4-3.amzn2022.0.2.aarch64
libsepol-debugsource-3.4-3.amzn2022.0.2.aarch64
i686:
libsepol-debuginfo-3.4-3.amzn2022.0.2.i686
libsepol-3.4-3.amzn2022.0.2.i686
libsepol-static-3.4-3.amzn2022.0.2.i686
libsepol-debugsource-3.4-3.amzn2022.0.2.i686
libsepol-devel-3.4-3.amzn2022.0.2.i686
libsepol-utils-debuginfo-3.4-3.amzn2022.0.2.i686
libsepol-utils-3.4-3.amzn2022.0.2.i686
src:
libsepol-3.4-3.amzn2022.0.2.src
x86_64:
libsepol-static-3.4-3.amzn2022.0.2.x86_64
libsepol-utils-debuginfo-3.4-3.amzn2022.0.2.x86_64
libsepol-utils-3.4-3.amzn2022.0.2.x86_64
libsepol-debugsource-3.4-3.amzn2022.0.2.x86_64
libsepol-devel-3.4-3.amzn2022.0.2.x86_64
libsepol-debuginfo-3.4-3.amzn2022.0.2.x86_64
libsepol-3.4-3.amzn2022.0.2.x86_64