[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update notes for CVE-2018-1063/policycoreutils

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
67017558 by Salvatore Bonaccorso at 2018-03-21T09:47:52+01:00
Update notes for CVE-2018-1063/policycoreutils

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20825,8 +20825,13 @@ CVE-2018-1064 [qemu: avoid denial of service reading from QEMU guest agent]
 	- libvirt 4.1.0-1
 	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513
 CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic link ...)
-	- policycoreutils <undetermined>
+	- policycoreutils <unfixed>
+	[stretch] - policycoreutils <no-dsa> (Minor issue)
+	[jessie] - policycoreutils <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1550122
+	NOTE: Mitigation by removing any symbolic link in /tmp and /var/tmp directories
+	NOTE: before relabeling the file system. Futhtermore only triggerable at
+	NOTE: relabeling time.
 CVE-2018-1062 (A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the ...)
 	NOT-FOR-US: ovirt-engine
 CVE-2018-1061



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/670175583bbc5df5573947d9fca2e200c2bde30d

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/670175583bbc5df5573947d9fca2e200c2bde30d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180321/413f3404/attachment-0001.html>