Your message dated Thu, 31 Jul 2008 19:52:16 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#490271: fixed in refpolicy 0.0.20061018-5.1+etch1 has caused the Debian Bug report #490271, regarding bind9: security update breaks named running with selinux to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.)

--
490271: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490271
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: bind9
Version: 9.3.4-2etch3
Tags: etch
Severity: serious

Package: selinux-policy-refpolicy-targeted
Version: 0.0.20061018-5

bind9 security update 9.3.4-2etch3 breaks named running in a selinux enabled (enforcing) environment:

audit(1215756426.448:248): avc: denied { name_bind } for pid=16218 comm="named" src=12949 scontext=user_u:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket

I think you need to add corenet_udp_bind_generic_port(named_t) to the selinux policy (or revert the security update).

Kind regards,
Martin
--- End Message ---
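The denial quoted in the report above can be picked out of an audit log mechanically. The following is an added example, not part of the bug report or of refpolicy: it parses AVC lines and flags `name_bind` denials against the generic `port_t` type, which is the signature of a daemon binding to an unlabelled (here, randomized) port. The second and third log lines are constructed for contrast, and the TCP interface name is a generalization of the UDP interface named in the report; the output is a candidate for review, not a rule to apply blindly.

```python
import re

# Line 1 is the denial from the bug report; lines 2 and 3 are constructed.
SAMPLE_LOG = """\
audit(1215756426.448:248): avc: denied { name_bind } for pid=16218 comm="named" src=12949 scontext=user_u:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
audit(1215756430.101:249): avc: denied { name_bind } for pid=16300 comm="exampled" src=53 scontext=user_u:system_r:example_t:s0 tcontext=system_u:object_r:dns_port_t:s0 tclass=udp_socket
audit(1215756431.300:250): avc: denied { read } for pid=17001 comm="cat" name="resolv.conf" scontext=user_u:system_r:example_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the key=value fields of an AVC denial, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec

def selinux_type(context):
    """The type is the third field of user:role:type[:level]."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def generic_port_binds(log_text):
    """List name_bind denials whose target is the generic port_t type."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or "name_bind" not in rec["perms"]:
            continue
        if selinux_type(rec.get("tcontext", "")) != "port_t":
            continue  # a labelled port (e.g. dns_port_t) is a different problem
        proto = {"udp_socket": "udp", "tcp_socket": "tcp"}.get(rec.get("tclass"))
        if proto is None:
            continue
        domain = selinux_type(rec.get("scontext", ""))
        src = rec.get("src", "")
        findings.append({
            "domain": domain, "comm": rec.get("comm"), "proto": proto,
            "port": int(src) if src.isdigit() else None,
            # Interface to review before changing policy (assumption for tcp).
            "candidate": f"corenet_{proto}_bind_generic_port({domain})",
        })
    return findings

if __name__ == "__main__":
    for finding in generic_port_binds(SAMPLE_LOG):
        print(finding)
```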
--- Begin Message ---
Source: refpolicy
Source-Version: 0.0.20061018-5.1+etch1

We believe that the bug you reported is fixed in the latest version of refpolicy, which is due to be installed in the Debian FTP archive:

refpolicy_0.0.20061018-5.1+etch1.diff.gz
  to pool/main/r/refpolicy/refpolicy_0.0.20061018-5.1+etch1.diff.gz
refpolicy_0.0.20061018-5.1+etch1.dsc
  to pool/main/r/refpolicy/refpolicy_0.0.20061018-5.1+etch1.dsc
selinux-policy-refpolicy-dev_0.0.20061018-5.1+etch1_all.deb
  to pool/main/r/refpolicy/selinux-policy-refpolicy-dev_0.0.20061018-5.1+etch1_all.deb
selinux-policy-refpolicy-doc_0.0.20061018-5.1+etch1_all.deb
  to pool/main/r/refpolicy/selinux-policy-refpolicy-doc_0.0.20061018-5.1+etch1_all.deb
selinux-policy-refpolicy-src_0.0.20061018-5.1+etch1_all.deb
  to pool/main/r/refpolicy/selinux-policy-refpolicy-src_0.0.20061018-5.1+etch1_all.deb
selinux-policy-refpolicy-strict_0.0.20061018-5.1+etch1_all.deb
  to pool/main/r/refpolicy/selinux-policy-refpolicy-strict_0.0.20061018-5.1+etch1_all.deb
selinux-policy-refpolicy-targeted_0.0.20061018-5.1+etch1_all.deb
  to pool/main/r/refpolicy/selinux-policy-refpolicy-targeted_0.0.20061018-5.1+etch1_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Devin Carraway <[EMAIL PROTECTED]> (supplier of updated refpolicy package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 12 Jul 2008 09:33:09 +0000
Source: refpolicy
Binary: selinux-policy-refpolicy-src selinux-policy-refpolicy-targeted selinux-policy-refpolicy-strict selinux-policy-refpolicy-doc selinux-policy-refpolicy-dev
Architecture: source all
Version: 0.0.20061018-5.1+etch1
Distribution: stable-security
Urgency: high
Maintainer: Manoj Srivastava <[EMAIL PROTECTED]>
Changed-By: Devin Carraway <[EMAIL PROTECTED]>
Description:
 selinux-policy-refpolicy-dev - Headers from the SELinux reference policy for building modules
 selinux-policy-refpolicy-doc - Documentation for the SELinux reference policy
 selinux-policy-refpolicy-src - Source of the SELinux reference policy for customization
 selinux-policy-refpolicy-strict - Strict variant of the SELinux reference policy
 selinux-policy-refpolicy-targeted - Targeted variant of the SELinux reference policy
Closes: 490271
Changes:
 refpolicy (0.0.20061018-5.1+etch1) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team.
   * Allow named_t to bind to all UDP ports, not just the DNS port; this
     enables DNS port randomization, introduced by bind9 1:9.3.4-2etch3 in
     response to DSA-1603-1 / CVE-2008-1447. The change does not represent
     a vulnerability in refpolicy, rather a compatibility fix for an urgent
     and widely-deployed package. (Closes: #490271).
   * Upgrade the bind policy module at upgrade, if and only if the
     previously-installed refpolicy package was <= 0.0.20061018-5
Files:
 52bc8ea0cab864e990e9dacc4db3b678 859 admin optional refpolicy_0.0.20061018-5.1+etch1.dsc
 1bb326ee1b8aea1fa93c3bd86a3007ee 571487 admin optional refpolicy_0.0.20061018.orig.tar.gz
 bd171f0cfa9adc59d451d176fb32c913 53515 admin optional refpolicy_0.0.20061018-5.1+etch1.diff.gz
 626c93fc13beaa01ff151d9103a7860b 1541610 admin optional selinux-policy-refpolicy-strict_0.0.20061018-5.1+etch1_all.deb
 c00ed4f0ea4ddbb8dd945c24c710c788 1288314 admin optional selinux-policy-refpolicy-targeted_0.0.20061018-5.1+etch1_all.deb
 841f616c8f08b22ed7077c21c1065026 595490 admin optional selinux-policy-refpolicy-src_0.0.20061018-5.1+etch1_all.deb
 bee3f41fe8771b7b88693937814494a3 418666 admin optional selinux-policy-refpolicy-dev_0.0.20061018-5.1+etch1_all.deb
 b082a861eda93f9bc06dd2e2f03ba89d 289230 doc optional selinux-policy-refpolicy-doc_0.0.20061018-5.1+etch1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIiWrnU5XKDemr/NIRAjQ0AKDDIbUlCu9WggZWQNqGPg0tICpA7gCgieai
h0js2MAsY+nC7M4sL+FUksU=
=B1Kj
-----END PGP SIGNATURE-----
--- End Message ---

