[Oraclevm-errata] OVMSA-2016-0157 Important: Oracle VM 3.3 policycoreutils security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Tue Nov 15 07:00:16 PST 2016 

Oracle VM Security Advisory OVMSA-2016-0157

The following updated rpms for Oracle VM 3.3 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
policycoreutils-2.0.83-30.1.0.1.el6_8.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/policycoreutils-2.0.83-30.1.0.1.el6_8.src.rpm



Description of changes:

[2.0.83-30.1.0.1]
- Lazy unmount private, shared entry(Joe Jin)[orabug 12560705]

[2.0.83-30.1]
- sandbox: create a new session for sandboxed processes
Resolves: CVE-2016-7545

[2.0.83-29]
- Update translations
Resolves: rhbz#819794

[2.0.83-28]
- Fix sepolgen test cases
Resolves: rhbz#1306550

[2.0.83-27]
- sandbox: Improve comments in sysconfig file
Resolves: rhbz#1159336
- secon, newrole: fix inconsistence between --help and man page
Resolves: rhbz#1278811, rhbz#1278913

[2.0.83-26]
- restorecond: treat root as a regular user
Resolves: rhbz#1281877
- semanage: don't skip reserver_port_t
Resolves: rhbz#1225806
- semanage: check if a store exists
Resolves: rhbz#1208801
- fixfiles: check the SELinux status
Resolves: rhbz#1240788

[2.0.83-25]
- semanage: Use OrderedDict for list of fcontexts
Resolves: rhbz#1206767

[2.0.83-24]
- fix a regression in 'fixfiles check' introduced in 2.0.83-21
Related: rhbz#1113083

[2.0.83-23]
- Move python scripts in /usr/share/system-config-selinux to 
policycoreutils-python
Resolves: rhbz#995778

[2.0.83-22]
- revert: chcat: Change the isSensitivity() detection
Related: rhbz#965397

[2.0.83-21]
- fixfiles verify: do not relabel /tmp and /var/tmp dirs
Resolves: rhbz#1113083
- Fix semanage -S <store> -o <output>
Resolves: rhbz#1122850

[2.0.83-20]
- chcat: Change the isSensitivity() detection
Resolves: rhbz#965397
- Move sepolgen utility from policycoreutils-gui to policycoreutils-python
Resolves: rhbz#995778
- audit2allow: use date time format compatible with ausearch
Resolves: rhbz#1111999

[2.0.83-19.48]
- Fix semanageRecords() to define load variable
Resolves:#1148062

[2.0.83-19.47]
- Fix setfiles man page
Resolves:#1086456
- Fix  semanage fcontext  error message when non-existing context given
Resolves:#1122023

[2.0.83-19.46]
- Make semanage -i working on empty file
- Fix setfiles man page
- Fix setfiles -r option to be working correctly
Resolves:#1086456

[2.0.83-19.45]
- Additional fixes related to new noreload option
Resolves:#1119726

[2.0.83-19.44]
- Make semanage -i working correctly
Resolves:#1119726

[2.0.83-19.43]
- Fix semanage man page to contain also noreload option
Resolves:#1032828
- Fix sandbox man page
- Make setfiles more informative if bad option is given

[2.0.83-19.42]
- Fail properly on invalid options for restorecon/setfiles when using -R 
or -r
- Check if all files exist for setfiles and restorecon
- Remove handling of cgroups from sandbox.
Resolves:#1091139
- Make -q and -d options mutually exclusive

[2.0.83-19.41]
- Allow use sandbox to follow homedirs symlinks
Resolves:#913175
- Make sure file equivalance target and source do not end
  with a /
- Allow make only valid domains as permissive domains
- Fix polgen.py to allow "_" in a policy file.
- Implement --noreload option to semanage
- Add missing long options in sandbox man page

[2.0.83-19.40]
- Fix fixfiles to return zero value when no error is encountered
Resolves:#1043969

[2.0.83-19.39]
- Call glob func with GLOB_BRACE flag to cover braced expressions

[2.0.83-19.38]
- Fix handling fixfiles with exclude_dirs

[2.0.83-19.37]
- Add workaround to make allow_polyinstantiation=1 directive working for 
xguest with semanage-booleans
Resolves:#1008790

[2.0.83-19.36]
- Update semanage boolean valid options

[2.0.83-19.35]
- Fix setsebool to give better error message on bad boolean names
Resolves:#998974

[2.0.83-19.34]
- One more fix for fixfiles script

[2.0.83-19.33]
- Fix semanage
Resolves:#860506
- Make semanage man page and help consistent
- Fix setsebool to give better error message on bad boolean names
- Add support for exclude dirs in fixfiles
- Fix semanage boolean to require a value

[2.0.83-19.32]
- Fix setsebool man page
Resolves:#984484

[2.0.83-19.31]
- Make setsebool less verbose on errors
Resolves:#984484
- Make <<none>> spec working for semanage fcontext
- Make audit2allow witn o option to append output instead of write

More information about the Oraclevm-errata mailing list