[Bugs] [Bug 13487] New: [CVE 21] fapolicyd 1.0.3 CVEs found

[bugzilla]

https://bugzilla.rosalinux.ru/show_bug.cgi?id=13487

          Platform: 2021.1
            Bug ID: 13487
           Summary: [CVE 21] fapolicyd 1.0.3 CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2022-1117,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs на lists.rosalinux.ru
          Reporter: y.tumanov на rosalinux.ru
        QA Contact: bugs на lists.rosalinux.ru
                CC: e.kosachev на rosalinux.ru, s.matveev на rosalinux.ru,
                    y.tumanov на rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package fapolicyd version 1.0.3  
INFO (CVEs are): fapolicyd 1.0.3 cves found
CVE-2022-1117
Desc: A vulnerability was found in fapolicyd. The vulnerability occurs due to
an assumption on how glibc names the runtime linker, a build time regular
expression may not correctly detect the runtime linker. The consequence is that
the pattern detection for applications launched by the run time linker may fail
to detect the pattern and allow execution.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-1117
Severity: HIGH

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
----------- следущая часть -----------
Вложение в формате HTML было извлечено…
URL: <http://lists.rosalinux.ru/pipermail/bugs/attachments/20230823/b6fde2a5/attachment.html>