[Oraclevm-errata] OVMSA-2016-0157 Important: Oracle VM 3.3 policycoreutils security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Tue Nov 15 07:00:16 PST 2016

Oracle VM Security Advisory OVMSA-2016-0157

The following updated rpms for Oracle VM 3.3 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- Lazy unmount private, shared entry (Joe Jin) [orabug 12560705]

- sandbox: create a new session for sandboxed processes
Resolves: CVE-2016-7545

- Update translations
Resolves: rhbz#819794

- Fix sepolgen test cases
Resolves: rhbz#1306550

- sandbox: Improve comments in sysconfig file
Resolves: rhbz#1159336
- secon, newrole: fix inconsistency between --help and man page
Resolves: rhbz#1278811, rhbz#1278913

- restorecond: treat root as a regular user
Resolves: rhbz#1281877
- semanage: don't skip reserver_port_t
Resolves: rhbz#1225806
- semanage: check if a store exists
Resolves: rhbz#1208801
- fixfiles: check the SELinux status
Resolves: rhbz#1240788

- semanage: Use OrderedDict for list of fcontexts
Resolves: rhbz#1206767

- fix a regression in 'fixfiles check' introduced in 2.0.83-21
Related: rhbz#1113083

- Move python scripts in /usr/share/system-config-selinux to 
Resolves: rhbz#995778

- revert: chcat: Change the isSensitivity() detection
Related: rhbz#965397

- fixfiles verify: do not relabel /tmp and /var/tmp dirs
Resolves: rhbz#1113083
- Fix semanage -S <store> -o <output>
Resolves: rhbz#1122850

- chcat: Change the isSensitivity() detection
Resolves: rhbz#965397
- Move sepolgen utility from policycoreutils-gui to policycoreutils-python
Resolves: rhbz#995778
- audit2allow: use date time format compatible with ausearch
Resolves: rhbz#1111999

- Fix semanageRecords() to define load variable

- Fix setfiles man page
- Fix semanage fcontext error message when non-existing context given

- Make semanage -i working on empty file
- Fix setfiles man page
- Fix setfiles -r option to be working correctly

- Additional fixes related to new noreload option

- Make semanage -i working correctly

- Fix semanage man page to contain also noreload option
- Fix sandbox man page
- Make setfiles more informative if bad option is given

- Fail properly on invalid options for restorecon/setfiles when using -R 
or -r
- Check if all files exist for setfiles and restorecon
- Remove handling of cgroups from sandbox.
- Make -q and -d options mutually exclusive

- Allow use sandbox to follow homedirs symlinks
- Make sure file equivalence target and source do not end
  with a /
- Allow make only valid domains as permissive domains
- Fix polgen.py to allow "_" in a policy file.
- Implement --noreload option to semanage
- Add missing long options in sandbox man page

- Fix fixfiles to return zero value when no error is encountered

- Call glob func with GLOB_BRACE flag to cover braced expressions

- Fix handling fixfiles with exclude_dirs

- Add workaround to make allow_polyinstantiation=1 directive working for 
xguest with semanage-booleans

- Update semanage boolean valid options

- Fix setsebool to give better error message on bad boolean names

- One more fix for fixfiles script

- Fix semanage
- Make semanage man page and help consistent
- Fix setsebool to give better error message on bad boolean names
- Add support for exclude dirs in fixfiles
- Fix semanage boolean to require a value

- Fix setsebool man page

- Make setsebool less verbose on errors
- Make <<none>> spec working for semanage fcontext
- Make audit2allow with o option to append output instead of write
