An update for setroubleshoot and setroubleshoot-plugins is now available for RedHat Enterprise Linux 6.Red Hat Product Security has rated this update as having a security impact ofImportant.

A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
The setroubleshoot packages provide tools to help diagnose SELinux problems.When Access Vector Cache (AVC) messages are returned, an alert can be generatedthat provides information about the problem and helps to track its resolution.The setroubleshoot-plugins package provides a set of analysis plugins for usewith setroubleshoot.

Each plugin has the capacity to analyze SELinux AVC dataand system data to provide user friendly reports describing how to interpretSELinux AVC denials.Security Fix(es):* Shell command injection flaws were found in the way the setroubleshootexecuted external commands.

A local attacker able to trigger certain SELinuxdenials could use these flaws to execute arbitrary code with root privileges.(CVE-2016-4445, CVE-2016-4989)* Shell command injection flaws were found in the way the setroubleshootallow_execmod and allow_execstack plugins executed external commands.

A localattacker able to trigger an execmod or execstack SELinux denial could use theseflaws to execute arbitrary code with root privileges. (CVE-2016-4444,CVE-2016-4446)The CVE-2016-4444 and CVE-2016-4446 issues were discovered by Milos Malik (RedHat) and the CVE-2016-4445 and CVE-2016-4989 issues were discovered by Red HatProduct Security.
Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
setroubleshoot-3.0.47-12.el6_8.src.rpm
    MD5: b769c66ba42cbbef1112af9898d55efaSHA-256: 7d4610c37365fc08d34661a3b98547877065fdd0036eb9880ec72cca70790f53
setroubleshoot-plugins-3.0.40-3.1.el6_8.src.rpm
    MD5: 6c6ad0185b9ac5288642a71339c91e0eSHA-256: c7c2bc41b4a19aaf91d11495af69c7875803ead8b9a055e7f83a726d4f641f4a
 
IA-32:
setroubleshoot-3.0.47-12.el6_8.i686.rpm
    MD5: d3a21d8d698eeddd525dc8e50d49e859SHA-256: ebf70fd4d33c36b94d0f6c5efe4acecf656be9b29034a1f4d7ff99e4b68924e0
setroubleshoot-debuginfo-3.0.47-12.el6_8.i686.rpm
    MD5: 812909a618114b0972b4bedc28fda3bcSHA-256: fadfae016ef965cc3c14f9e80a7014fc0f46e8721fb558442378bd81ee9484b0
setroubleshoot-doc-3.0.47-12.el6_8.i686.rpm
    MD5: fc4e84c8d9014d035ffdac63ee063110SHA-256: ccd4c80c07aaf5e7c22386f4512bb4ab183ac7a68bfd9d5843ba5a73f3f42f22
setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm
    MD5: 012da561f49c2e767fe69a1f642b3afdSHA-256: 4ebf992b0908335b03d2b6137e06b449f5b1a4c94daf592221a1333f98551542
setroubleshoot-server-3.0.47-12.el6_8.i686.rpm
    MD5: 5f66798ae393247570c0287c934b9a3bSHA-256: f2bbb7b6ed651b3ab29f7f3581e248dd2115522eca97f24356bee16a73859108
 
x86_64:
setroubleshoot-3.0.47-12.el6_8.x86_64.rpm
    MD5: ca49d9972b8cee3e8592158f5d63f546SHA-256: 0e4be110cee2f202491e1f954b18e2bd8ce8b452df1c0e82d9cbad6295deee37
setroubleshoot-debuginfo-3.0.47-12.el6_8.x86_64.rpm
    MD5: 8c0f47e670b2420e2bac4b71d95d330dSHA-256: 50d70fdea8cc24611a3bf9f8354e18dbdfcb4b5d41f40dbb7b9369c34f232e02
setroubleshoot-doc-3.0.47-12.el6_8.x86_64.rpm
    MD5: 211573bead3e4865b4d40f7778a9ab83SHA-256: 86badeea5a34cf43914fcb14cd5677c5ce0cb187d4fbeb4be496f20bf0c78588
setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm
    MD5: 012da561f49c2e767fe69a1f642b3afdSHA-256: 4ebf992b0908335b03d2b6137e06b449f5b1a4c94daf592221a1333f98551542
setroubleshoot-server-3.0.47-12.el6_8.x86_64.rpm
    MD5: f0b990c8aca3e52dd53e5796e5590cf7SHA-256: 8642756db89ac668bb5d8674dcec323251210ce723138a18587eb1f3f54b27b1
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
setroubleshoot-3.0.47-12.el6_8.src.rpm
    MD5: b769c66ba42cbbef1112af9898d55efaSHA-256: 7d4610c37365fc08d34661a3b98547877065fdd0036eb9880ec72cca70790f53
setroubleshoot-plugins-3.0.40-3.1.el6_8.src.rpm
    MD5: 6c6ad0185b9ac5288642a71339c91e0eSHA-256: c7c2bc41b4a19aaf91d11495af69c7875803ead8b9a055e7f83a726d4f641f4a
 
IA-32:
setroubleshoot-3.0.47-12.el6_8.i686.rpm
    MD5: d3a21d8d698eeddd525dc8e50d49e859SHA-256: ebf70fd4d33c36b94d0f6c5efe4acecf656be9b29034a1f4d7ff99e4b68924e0
setroubleshoot-debuginfo-3.0.47-12.el6_8.i686.rpm
    MD5: 812909a618114b0972b4bedc28fda3bcSHA-256: fadfae016ef965cc3c14f9e80a7014fc0f46e8721fb558442378bd81ee9484b0
setroubleshoot-doc-3.0.47-12.el6_8.i686.rpm
    MD5: fc4e84c8d9014d035ffdac63ee063110SHA-256: ccd4c80c07aaf5e7c22386f4512bb4ab183ac7a68bfd9d5843ba5a73f3f42f22
setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm
    MD5: 012da561f49c2e767fe69a1f642b3afdSHA-256: 4ebf992b0908335b03d2b6137e06b449f5b1a4c94daf592221a1333f98551542
setroubleshoot-server-3.0.47-12.el6_8.i686.rpm
    MD5: 5f66798ae393247570c0287c934b9a3bSHA-256: f2bbb7b6ed651b3ab29f7f3581e248dd2115522eca97f24356bee16a73859108
 
PPC:
setroubleshoot-3.0.47-12.el6_8.ppc64.rpm
    MD5: 326864045a9240cc7a4dd8611538d162SHA-256: 19aa936946bc7d6e2f7b259c8ce014f64731754f4781562b7f3fef37d871b085
setroubleshoot-debuginfo-3.0.47-12.el6_8.ppc64.rpm
    MD5: d098720b2e271ec02a75246035620879SHA-256: 1fd0508334f18b0e61b1e69125eb63ae7b7343716325cdf6222f045a1a4b093c
setroubleshoot-doc-3.0.47-12.el6_8.ppc64.rpm
    MD5: 9756005326bf54e7716d01b71e88e8fdSHA-256: feab92a13938ac88c82119b6e7435e56f5bb092abc36ed265e27c2438c956359
setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm
    MD5: 012da561f49c2e767fe69a1f642b3afdSHA-256: 4ebf992b0908335b03d2b6137e06b449f5b1a4c94daf592221a1333f98551542
setroubleshoot-server-3.0.47-12.el6_8.ppc64.rpm
    MD5: 9128444cbf1fc02dc6269a8e8c7b19caSHA-256: 89476e5ac4712b7e7b782a5727e62fb8098d8acefefce33cdddaaecb0a2eb9be
 
s390x:
setroubleshoot-3.0.47-12.el6_8.s390x.rpm
    MD5: 2864223b29bb1908b6adf0554f2e2776SHA-256: a4ce767f9030851d2d7c3d465804e022432132fcc2de01cd294040e5ad3537a2
setroubleshoot-debuginfo-3.0.47-12.el6_8.s390x.rpm
    MD5: 0399aab9959cf2ac92da20ab58cd19c2SHA-256: 36988007cef500e86ec4566716fb541dbfb1c8ab16129626c74705b9677c20f0
setroubleshoot-doc-3.0.47-12.el6_8.s390x.rpm
    MD5: be642b7cb17c673e6dcc0bcb0d711c6cSHA-256: e5067f340b6e2215e7ac61d0fec2a0d0db29c737f339b3e4cd402b7fc6a0eee7
setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm
    MD5: 012da561f49c2e767fe69a1f642b3afdSHA-256: 4ebf992b0908335b03d2b6137e06b449f5b1a4c94daf592221a1333f98551542
setroubleshoot-server-3.0.47-12.el6_8.s390x.rpm
    MD5: 83fc73e9ecb23682277a864fd188f2bdSHA-256: 8b4e769d0adb0052a94976bf5f030ac72c930ef1977acb5a94fb825c05abfba0
 
x86_64:
setroubleshoot-3.0.47-12.el6_8.x86_64.rpm
    MD5: ca49d9972b8cee3e8592158f5d63f546SHA-256: 0e4be110cee2f202491e1f954b18e2bd8ce8b452df1c0e82d9cbad6295deee37
setroubleshoot-debuginfo-3.0.47-12.el6_8.x86_64.rpm
    MD5: 8c0f47e670b2420e2bac4b71d95d330dSHA-256: 50d70fdea8cc24611a3bf9f8354e18dbdfcb4b5d41f40dbb7b9369c34f232e02
setroubleshoot-doc-3.0.47-12.el6_8.x86_64.rpm
    MD5: 211573bead3e4865b4d40f7778a9ab83SHA-256: 86badeea5a34cf43914fcb14cd5677c5ce0cb187d4fbeb4be496f20bf0c78588
setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm
    MD5: 012da561f49c2e767fe69a1f642b3afdSHA-256: 4ebf992b0908335b03d2b6137e06b449f5b1a4c94daf592221a1333f98551542
setroubleshoot-server-3.0.47-12.el6_8.x86_64.rpm
    MD5: f0b990c8aca3e52dd53e5796e5590cf7SHA-256: 8642756db89ac668bb5d8674dcec323251210ce723138a18587eb1f3f54b27b1
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
setroubleshoot-3.0.47-12.el6_8.src.rpm
    MD5: b769c66ba42cbbef1112af9898d55efaSHA-256: 7d4610c37365fc08d34661a3b98547877065fdd0036eb9880ec72cca70790f53
setroubleshoot-plugins-3.0.40-3.1.el6_8.src.rpm
    MD5: 6c6ad0185b9ac5288642a71339c91e0eSHA-256: c7c2bc41b4a19aaf91d11495af69c7875803ead8b9a055e7f83a726d4f641f4a
 
IA-32:
setroubleshoot-3.0.47-12.el6_8.i686.rpm
    MD5: d3a21d8d698eeddd525dc8e50d49e859SHA-256: ebf70fd4d33c36b94d0f6c5efe4acecf656be9b29034a1f4d7ff99e4b68924e0
setroubleshoot-debuginfo-3.0.47-12.el6_8.i686.rpm
    MD5: 812909a618114b0972b4bedc28fda3bcSHA-256: fadfae016ef965cc3c14f9e80a7014fc0f46e8721fb558442378bd81ee9484b0
setroubleshoot-doc-3.0.47-12.el6_8.i686.rpm
    MD5: fc4e84c8d9014d035ffdac63ee063110SHA-256: ccd4c80c07aaf5e7c22386f4512bb4ab183ac7a68bfd9d5843ba5a73f3f42f22
setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm
    MD5: 012da561f49c2e767fe69a1f642b3afdSHA-256: 4ebf992b0908335b03d2b6137e06b449f5b1a4c94daf592221a1333f98551542
setroubleshoot-server-3.0.47-12.el6_8.i686.rpm
    MD5: 5f66798ae393247570c0287c934b9a3bSHA-256: f2bbb7b6ed651b3ab29f7f3581e248dd2115522eca97f24356bee16a73859108
 
x86_64:
setroubleshoot-3.0.47-12.el6_8.x86_64.rpm
    MD5: ca49d9972b8cee3e8592158f5d63f546SHA-256: 0e4be110cee2f202491e1f954b18e2bd8ce8b452df1c0e82d9cbad6295deee37
setroubleshoot-debuginfo-3.0.47-12.el6_8.x86_64.rpm
    MD5: 8c0f47e670b2420e2bac4b71d95d330dSHA-256: 50d70fdea8cc24611a3bf9f8354e18dbdfcb4b5d41f40dbb7b9369c34f232e02
setroubleshoot-doc-3.0.47-12.el6_8.x86_64.rpm
    MD5: 211573bead3e4865b4d40f7778a9ab83SHA-256: 86badeea5a34cf43914fcb14cd5677c5ce0cb187d4fbeb4be496f20bf0c78588
setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm
    MD5: 012da561f49c2e767fe69a1f642b3afdSHA-256: 4ebf992b0908335b03d2b6137e06b449f5b1a4c94daf592221a1333f98551542
setroubleshoot-server-3.0.47-12.el6_8.x86_64.rpm
    MD5: f0b990c8aca3e52dd53e5796e5590cf7SHA-256: 8642756db89ac668bb5d8674dcec323251210ce723138a18587eb1f3f54b27b1
 
(The unlinked packages above are only available from the Red Hat Network)

1332644 – CVE-2016-4444 setroubleshoot-plugins: insecure commands.getstatusoutput use in the allow_execmod plugin1339183 – CVE-2016-4445 setroubleshoot: insecure use of commands.getstatusoutput1339250 – CVE-2016-4446 setroubleshoot-plugins: insecure commands.getoutput use in the allow_execstack plugin1346461 – CVE-2016-4989 setroubleshoot: command injection issues

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

Leave a Reply