Candidate: CVE-2018-1063
PublicDate: 2018-03-02 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1063
 https://bugzilla.redhat.com/show_bug.cgi?id=1550122
Description:
 Context relabeling of filesystems is vulnerable to symbolic link attack,
 allowing a local, unprivileged malicious entity to change the SELinux
 context of an arbitrary file to a context with few restrictions. This only
 happens when the relabeling process is done, usually when taking SELinux
 state from disabled to enable (permissive or enforcing). The issue was
 found in policycoreutils 2.5-11.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N [4.4 MEDIUM]


Patches_policycoreutils:
upstream_policycoreutils: released (2.7-1)
precise/esm_policycoreutils: DNE
trusty_policycoreutils: ignored (out of standard support)
trusty/esm_policycoreutils: needed
xenial_policycoreutils: ignored (end of standard support, was needed)
artful_policycoreutils: ignored (reached end-of-life)
bionic_policycoreutils: not-affected (2.7-1)
cosmic_policycoreutils: not-affected (2.7-1)
disco_policycoreutils: not-affected (2.7-1)
eoan_policycoreutils: not-affected (2.7-1)
focal_policycoreutils: not-affected (2.7-1)
groovy_policycoreutils: not-affected (2.7-1)
hirsute_policycoreutils: not-affected (2.7-1)
impish_policycoreutils: not-affected (2.7-1)
jammy_policycoreutils: not-affected (2.7-1)
devel_policycoreutils: not-affected (2.7-1)