Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2022-1117) ELSA-2022-1898: fapolicyd security, bug fix, and enhancement update

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 05/17/2022
Created: 05/20/2022
Added: 05/18/2022
Modified: 05/18/2022

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2022-1898:

[1.1-6.0.1]
- Increase db_max_size to 100M

[1.1-6]
- CVE-2022-1117 fapolicyd: fapolicyd wrongly prepares ld.so path
  Resolves: rhbz#2069120

[1.1-4]
RHEL 8.6.0 ERRATUM
- fapolicyd denies access to /usr/lib64/ld-2.28.so
  Resolves: rhbz#2066300

[1.1-1]
RHEL 8.6.0 ERRATUM
- rebase to 1.1
  Resolves: rhbz#1939379
- introduce rules.d feature
  Resolves: rhbz#2054741
- remove pretrans scriptlet
  Resolves: rhbz#2051485

[1.0.4-2]
RHEL 8.6.0 ERRATUM
- rebase to 1.0.4
- added rpm_sha256_only option
- added trust.d directory
- allow file names with whitespace in trust files
- use full paths in trust files
  Resolves: rhbz#1939379
- fix libc.so getting identified as application/x-executable
  Resolves: rhbz#1989272
- fix fapolicyd-dnf-plugin reporting as ''
  Resolves: rhbz#1997414
- fix selinux DSP module definition in spec file
  Resolves: rhbz#2014445

[1.0.2-7]
- fapolicyd abnormally exits by executing sosreport
- fixed multiple problems with unlink()
- fapolicyd breaks system upgrade, leaving system in dead state - complete fix
  Resolves: rhbz#1943251

Solution(s)

  • oracle-linux-upgrade-fapolicyd
  • oracle-linux-upgrade-fapolicyd-selinux
