rpm package
almalinux/libsepol-static
pkg:rpm/almalinux/libsepol-static
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-36087 | — | < 2.9-3.el8 | 2.9-3.el8 | Jul 1, 2021 | The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block. | ||
| CVE-2021-36086 | — | < 2.9-3.el8 | 2.9-3.el8 | Jul 1, 2021 | The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). | ||
| CVE-2021-36085 | — | < 2.9-3.el8 | 2.9-3.el8 | Jul 1, 2021 | The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). | ||
| CVE-2021-36084 | — | < 2.9-3.el8 | 2.9-3.el8 | Jul 1, 2021 | The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). |
- CVE-2021-36087Jul 1, 2021affected < 2.9-3.el8fixed 2.9-3.el8
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.
- CVE-2021-36086Jul 1, 2021affected < 2.9-3.el8fixed 2.9-3.el8
The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).
- CVE-2021-36085Jul 1, 2021affected < 2.9-3.el8fixed 2.9-3.el8
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).
- CVE-2021-36084Jul 1, 2021affected < 2.9-3.el8fixed 2.9-3.el8
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).