Debian Libsepol vulnerabilities

CVE-2021-36085 [LOW] CVE-2021-36085: libsepol - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms ... The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). Scope: local bookworm: resolved (fixed in 3.3-1) bullseye: resolved (fixed in 3.1-1+deb11u1) forky: resolved (fixed in 3.3-1) sid: resolved (fixed in 3.3-1) trixie: resolved (fixed in 3.3-1)

CVE-2021-36087 [LOW] CVE-2021-36087: libsepol - The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_mat... The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block. Scope: local bookworm: resolved (fixed in 3.3-1) bullseye: resolved (fixed in 3.1-1+deb11u1) forky: resolved (fixed in 3.3-1) sid: re

CVE-2021-36086 [LOW] CVE-2021-36086: libsepol - The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermissio... The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). Scope: local bookworm: resolved (fixed in 3.3-1) bullseye: resolved (fixed in 3.1-1+deb11u1) forky: resolved (fixed in 3.3-1) sid: resolved (fixed in 3.3-1) trixie: resolved (fixed in 3.3-1)

CVE-2021-36084 [LOW] CVE-2021-36084: libsepol - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms ... The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). Scope: local bookworm: resolved (fixed in 3.3-1) bullseye: resolved (fixed in 3.1-1+deb11u1) forky: resolved (fixed in 3.3-1) sid: resolved (fixed in 3.3-1) trixie: resolved (fixed in 3.3-1)