stable
FEDORA-2022-82bea71e5a created by bboozzoo 5 months ago for Fedora 34

Update to 2.54.3. Cherry pick misc SELinux policy fixes. Fixes for CVE-2021-44731, CVE-2021-44730, CVE-2021-4120.

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2022-82bea71e5a

This update has been submitted for testing by bboozzoo.

5 months ago

This update's test gating status has been changed to 'ignored'.

5 months ago

This update has been pushed to testing.

5 months ago

bboozzoo edited this update.

5 months ago

bboozzoo edited this update.

5 months ago

bboozzoo edited this update.

5 months ago

ngompa edited this update.

5 months ago
User Icon ngompa provided feedback 5 months ago
karma
BZ#1944390 SELinux is preventing systemctl from using the 'setrlimit' accesses on a process.
BZ#2043160 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/rfkill.
BZ#2043161 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/kvm.
BZ#2043894 SELinux is preventing snap-confine from using the 'perfmon' capabilities.
BZ#2043895 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/uhid.
BZ#2043896 SELinux is preventing snap-confine from using the 'setrlimit' accesses on a process.
BZ#2043898 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/net/tun.
BZ#2043899 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/nvidia-uvm.
BZ#2043901 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/kvm.
BZ#2043902 SELinux is preventing snap-confine from using the 'bpf' capabilities.
BZ#2046361 SELinux is preventing snap-confine from using the 'perfmon' capabilities.
BZ#2046363 SELinux is preventing snap-confine from using the 'setrlimit' accesses on a process.
BZ#2046364 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/uhid.
BZ#2046365 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/nvidia-uvm.
BZ#2051594 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/snd/hwC0D0.
BZ#2056058 CVE-2021-44731 snapd: Race condition in snap-confine's setup_private_mount()
BZ#2056060 CVE-2021-44731 snapd: Race condition in snap-confine's setup_private_mount() [fedora-all]
BZ#2056061 CVE-2021-44730 snapd: Hardlink attack in snap-confine's sc_open_snapd_tool()
BZ#2056063 CVE-2021-44730 snapd: Hardlink attack in snap-confine's sc_open_snapd_tool() [fedora-all]
BZ#2056065 CVE-2021-4120 snapd: Insufficient validation of snap content interface and layout paths
BZ#2056067 CVE-2021-4120 snapd: Insufficient validation of snap content interface and layout paths [fedora-all]

This update has been submitted for stable by bodhi.

5 months ago

This update has been pushed to stable.

5 months ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
1
Stable by Time
7 days
Dates
submitted
5 months ago
in testing
5 months ago
in stable
5 months ago
modified
5 months ago
BZ#1944390 SELinux is preventing systemctl from using the 'setrlimit' accesses on a process.
0
1
BZ#2043160 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/rfkill.
0
1
BZ#2043161 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/kvm.
0
1
BZ#2043894 SELinux is preventing snap-confine from using the 'perfmon' capabilities.
0
1
BZ#2043895 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/uhid.
0
1
BZ#2043896 SELinux is preventing snap-confine from using the 'setrlimit' accesses on a process.
0
1
BZ#2043898 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/net/tun.
0
1
BZ#2043899 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/nvidia-uvm.
0
1
BZ#2043901 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/kvm.
0
1
BZ#2043902 SELinux is preventing snap-confine from using the 'bpf' capabilities.
0
1
BZ#2046361 SELinux is preventing snap-confine from using the 'perfmon' capabilities.
0
1
BZ#2046363 SELinux is preventing snap-confine from using the 'setrlimit' accesses on a process.
0
1
BZ#2046364 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/uhid.
0
1
BZ#2046365 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/nvidia-uvm.
0
1
BZ#2051594 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/snd/hwC0D0.
0
1
BZ#2056058 CVE-2021-44731 snapd: Race condition in snap-confine's setup_private_mount()
0
1
BZ#2056060 CVE-2021-44731 snapd: Race condition in snap-confine's setup_private_mount() [fedora-all]
0
1
BZ#2056061 CVE-2021-44730 snapd: Hardlink attack in snap-confine's sc_open_snapd_tool()
0
1
BZ#2056063 CVE-2021-44730 snapd: Hardlink attack in snap-confine's sc_open_snapd_tool() [fedora-all]
0
1
BZ#2056065 CVE-2021-4120 snapd: Insufficient validation of snap content interface and layout paths
0
1
BZ#2056067 CVE-2021-4120 snapd: Insufficient validation of snap content interface and layout paths [fedora-all]
0
1

Automated Test Results