| Name | CVE-2016-7545 |
| Description | SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-638-1 |
| Debian Bugs | 838599 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| policycoreutils (PTS) | buster | 2.8-1 | fixed |
| bullseye | 3.1-3 | fixed |
| bookworm | 3.4-1 | fixed |
| sid, trixie | 3.5-2 | fixed |
The information below is based on the following data on fixed versions.
Notes
[jessie] - policycoreutils <not-affected> ("sandbox" executable not packaged in this version)
https://bugzilla.redhat.com/show_bug.cgi?id=1378577
Upstream mailing list discussion: https://marc.info/?t=147463464400001&r=1&w=2
Upstream fix: https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379
Marked as exception as not-affected, although the source is affected but the built
binary packages do not contain the sandbox binary. We cannot use 'unimportant'
severity here since the unstable version builts a binary package which contains it.