Description
* Shell command injection flaws were found in the way setroubleshoot
executed external commands. A local attacker able to trigger certain SELinux
denials could use these flaws to execute arbitrary code with root privileges.
(CVE-2016-4445, CVE-2016-4989)
* Shell command injection flaws were found in the way the setroubleshoot
allow_execmod and allow_execstack plugins executed external commands. A local
attacker able to trigger an execmod or execstack SELinux denial could use these
flaws to execute arbitrary code with root privileges. (CVE-2016-4444,
CVE-2016-4446)
The CVE-2016-4444 and CVE-2016-4446 issues were discovered by Milos Malik (Red
Hat) and the CVE-2016-4445 and CVE-2016-4989 issues were discovered by Red Hat
Product Security.
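
The flaw class described above, shown as an added example (not setroubleshoot's code, which this advisory does not include): a hypothetical helper that passes a path taken from a denial to an external command, first through a shell and then as an argument vector. The function names, the `echo` command and the sample path are assumptions made for illustration.

```python
import shlex
import subprocess

# Constructed sample: a file name as it might appear in the path field of a
# denial. The text after ';' is a harmless marker, not a real payload.
SAMPLE_PATH = "/tmp/lib.so; echo INJECTED"


def report_unsafe(path):
    """Vulnerable pattern: the path is formatted into a shell command line."""
    # /bin/sh parses the whole string, so ';' in the file name ends the
    # intended command and the remainder runs as a second command.
    cmd = "echo checking %s" % path
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def report_argv(path):
    """Hardened pattern: no shell; the path is exactly one argv element."""
    argv = ["echo", "checking", path]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def report_quoted(path):
    """Fallback when a shell is unavoidable: quote the untrusted value."""
    cmd = "echo checking %s" % shlex.quote(path)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def shell_reinterprets(path):
    """Regression check: True if the shell form behaves differently from argv."""
    return report_unsafe(path) != report_argv(path)


if __name__ == "__main__":
    print("unsafe :", repr(report_unsafe(SAMPLE_PATH)))
    print("argv   :", repr(report_argv(SAMPLE_PATH)))
    print("quoted :", repr(report_quoted(SAMPLE_PATH)))
    print("shell reinterprets sample:", shell_reinterprets(SAMPLE_PATH))
```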