ELA-1209-1 libsepol security update

Multiple vulnerabilities

2024-10-22
Package: libsepol
Version: 2.6-2+deb9u1 (stretch), 2.8-1+deb10u1 (buster)
Related CVEs: CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087


Multiple vulnerabilities were discovered in libsepol, a set of userspace utilities and libraries for manipulating SELinux policies.

CVE-2021-36084, CVE-2021-36085, CVE-2021-36086

Three use-after-free problems were discovered in the CIL compiler. These could lead to data corruption, denial of service or possibly arbitrary code execution.

CVE-2021-36087

A heap-based buffer over-read was discovered in the CIL compiler. This could lead to confidentiality or integrity violations, or crashes.



For Debian 10 buster, these problems have been fixed in version 2.8-1+deb10u1.

For Debian 9 stretch, these problems have been fixed in version 2.6-2+deb9u1.

We recommend that you upgrade your libsepol packages.
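To confirm which hosts still need the upgrade, installed versions can be compared against the fixed versions above using Debian's version ordering, where plain string comparison gives wrong answers for suffixes such as `+deb9u1`. The following is an added example, not part of the advisory or of any Debian tool; the host names and inventory entries are constructed.

```python
import re
from itertools import zip_longest

# Fixed versions as stated in ELA-1209-1.
FIXED = {"stretch": "2.6-2+deb9u1", "buster": "2.8-1+deb10u1"}

def _order(ch):
    """dpkg character weight: '~' < end of string < letters < other symbols."""
    if ch == "~":
        return -1
    if ch == "":
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings as alternating text/number runs."""
    runs = zip_longest(re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b),
                       fillvalue=("", ""))
    for (ta, na), (tb, nb) in runs:
        for x, y in zip_longest(ta, tb, fillvalue=""):
            if _order(x) != _order(y):
                return -1 if _order(x) < _order(y) else 1
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def _split(version):
    """Split '[epoch:]upstream[-revision]' into its three fields."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def deb_cmp(a, b):
    """Return -1, 0 or 1 following Debian version ordering."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    return deb_cmp(installed, FIXED[release]) >= 0

# Constructed inventory: (host, release codename, installed libsepol version).
INVENTORY = [("web1", "stretch", "2.6-2"), ("web2", "stretch", "2.6-2+deb9u1"),
             ("db1", "buster", "2.8-1"), ("db2", "buster", "2.8-1+deb10u1")]

def unpatched(inventory):
    return [host for host, rel, ver in inventory if not is_patched(rel, ver)]

if __name__ == "__main__":
    print("hosts still needing the libsepol update:", unpatched(INVENTORY))
```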

Further information about Extended LTS security advisories can be found in the dedicated section of our website.