Bug 15574

Summary: selinux-policy new security issue CVE-2015-1815
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Thomas Spuhler <thomas>
Status: RESOLVED INVALID QA Contact: Sec team <security>
Severity: critical    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/638217/
Whiteboard: MGA5TOO, MGA4TOO
Source RPM: selinux-policy-3.13.1-4.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-03-26 14:53:55 CET 
A security issue in the setroubleshoot.pp python script in selinux-policy was disclosed and discussed in this thread:
http://openwall.com/lists/oss-security/2015/03/26/1

Reproducible: 

Steps to Reproduce:
David Walser 2015-03-26 14:54:01 CET

Whiteboard: (none) => MGA5TOO, MGA4TOO

Thomas Spuhler 2015-03-26 16:34:01 CET

Status: NEW => ASSIGNED

Comment 1 Thomas Spuhler 2015-03-26 17:03:22 CET 
I will wait until Fedora has a fix. We don't provide a kernel built with selinux enabled, so this is not a priority.

Hardware: i586 => All

Comment 2 David Walser 2015-03-27 16:38:40 CET 
RedHat has issued an advisory for this on March 26:
https://rhn.redhat.com/errata/RHSA-2015-0729.html

Severity: normal => critical

David Walser 2015-03-27 16:52:15 CET

URL: (none) => http://lwn.net/Vulnerabilities/638217/

Comment 3 Thomas Spuhler 2015-03-27 17:01:22 CET 
(In reply to David Walser from comment #2)
> RedHat has issued an advisory for this on March 26:
> https://rhn.redhat.com/errata/RHSA-2015-0729.html

After reading this, and then go back and re-read the link in the description, I don't see this to be a problem in Mageia. We do not have this package "setroubleshoot" (which may be a very nice one, if we would would use selinux)
Please let me know if I am reading this wrong.
Comment 4 David Walser 2015-03-27 17:05:07 CET 
I'm not 100% sure.  We don't have a *package* by that name, but the oss-security post said the issue was in a Python script.  So, we do have:
selinux-policy-targeted:/etc/selinux/targeted/modules/active/modules/setroubleshoot.pp
selinux-policy-devel:/usr/share/selinux/devel/include/contrib/setroubleshoot.if
selinux-policy-minimum:/etc/selinux/minimum/modules/active/modules/setroubleshoot.pp
selinux-policy-mls:/etc/selinux/mls/modules/active/modules/setroubleshoot.pp

I haven't looked at the file directly, but I was under the impression that setroubleshoot.pp is the affected Python script.
Comment 5 Thomas Spuhler 2015-03-27 19:13:46 CET 
setroubleshoot.pp is not a python script but .pp os for policy package:

see
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/sec-sel-policy-customizing.html
Conventionally, these files have a .pp suffix (policy package), although this is not mandated in any way.
Comment 6 David Walser 2015-03-27 19:30:50 CET 
Hmm, so I guess setroubleshoot.pp is what tells it to call that script.

This is INVALID then.

Status: ASSIGNED => RESOLVED
Resolution: (none) => INVALID