SUSE-SU-2018:0926-1

Details

This update for policycoreutils fixes the following issues:

CVE-2018-1063: Fixed problem to prevent chcon from following symlinks in /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624).

Affected Packages

policycoreutils

SUSE Linux Enterprise Server 12 SP2SUSE Linux Enterprise Server 12 SP3SUSE Linux Enterprise Server for Raspberry Pi 12 SP2SUSE Linux Enterprise Server for SAP Applications 12 SP2SUSE Linux Enterprise Server for SAP Applications 12 SP3

Fixed in:

2.5-10.3.1

policycoreutils-python

SUSE Linux Enterprise Server 12 SP2SUSE Linux Enterprise Server 12 SP3SUSE Linux Enterprise Server for Raspberry Pi 12 SP2SUSE Linux Enterprise Server for SAP Applications 12 SP2SUSE Linux Enterprise Server for SAP Applications 12 SP3

Fixed in:

2.5-10.3.1

References

REPORT

https://bugzilla.suse.com/1083624

WEB

https://www.suse.com/security/cve/CVE-2018-1063

ADVISORY

https://www.suse.com/support/update/announcement/2018/suse-su-20180926-1/