Overview
Request 1184295 accepted
- Update to version 3.7
https://github.com/SELinuxProject/selinux/releases/tag/3.7
* User-visible changes:
* libsepol: improve policy lookup failure message
* libsepol: include prefix for module policy versions
* libsepol: validate type-attribute-map for old policies
* libsepol: only exempt gaps checking for kernel policies
* Bugfixes:
* libsepol/src/Makefile: fix reallocarray detection
* libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
* libsepol: ensure transitivity in compare functions
* oss-fuzz fixes:
* libsepol: check scope permissions refer to valid class
* libsepol: validate attribute-type maps
* libsepol: reject self flag in type rules in old policies
* libsepol: validate class permissions
* libsepol: validate access vector permissions
* libsepol: reject MLS support in pre-MLS policies
* libsepol: Fix buffer overflow when using sepol_av_to_string()
* libsepol: Use a dynamic buffer in sepol_av_to_string()
Request History
cahu created request
- Update to version 3.7
https://github.com/SELinuxProject/selinux/releases/tag/3.7
* User-visible changes:
* libsepol: improve policy lookup failure message
* libsepol: include prefix for module policy versions
* libsepol: validate type-attribute-map for old policies
* libsepol: only exempt gaps checking for kernel policies
* Bugfixes:
* libsepol/src/Makefile: fix reallocarray detection
* libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
* libsepol: ensure transitivity in compare functions
* oss-fuzz fixes:
* libsepol: check scope permissions refer to valid class
* libsepol: validate attribute-type maps
* libsepol: reject self flag in type rules in old policies
* libsepol: validate class permissions
* libsepol: validate access vector permissions
* libsepol: reject MLS support in pre-MLS policies
* libsepol: Fix buffer overflow when using sepol_av_to_string()
* libsepol: Use a dynamic buffer in sepol_av_to_string()
cahu accepted request
