Updates for openssh and selinux-policy fixes issue when SELinux user "guest_t" can run sudo command.

This update has been submitted for testing by lvrabec.

3 years ago

This update has obsoleted openssh-7.2p2-4.fc23, and has inherited its bugs and notes.

3 years ago

lvrabec edited this update.

3 years ago

lvrabec edited this update.

3 years ago

lvrabec edited this update.

3 years ago

lvrabec edited this update.

3 years ago

This update has been pushed to testing.

3 years ago
User Icon jjelen commented & provided feedback 3 years ago

Nope. This fixes the problem of guest_t running sudo, but breaks the chroot:

https://github.com/fedora-selinux/selinux-policy/commit/ca094ff25a544b684b05aece35a03e132f4c7e1c

this should go to the sshd_t instead.

BZ#1356245 guest_t can run sudo
BZ#1357860 guest_t can run sudo
User Icon filiperosset commented & provided feedback 3 years ago
karma

no regressions noted

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

3 years ago

This update has been submitted for testing

User Icon williamjmorenor commented & provided feedback 3 years ago
karma

wfm

This update has been unpushed.


Please login to add feedback.

Metadata
Type
security
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-2
Stable by Karma
6
Dates
submitted
3 years ago
in testing
3 years ago
modified
3 years ago
BZ#1356245 guest_t can run sudo
-1
0
BZ#1357442 CVE-2016-6210 openssh: User enumeration via covert timing channel
0
0
BZ#1357443 CVE-2016-6210 openssh: User enumeration via covert timing channel [fedora-all]
0
0
BZ#1357860 guest_t can run sudo
-1
0

Automated Test Results

Test Cases

0 0 Test Case OpenSSH