http://bugzilla.opensuse.org/show_bug.cgi?id=1000998
Bug ID: 1000998
Summary: VUL-0: CVE-2016-7545: [SELinux] nonpriv session can
escape to the parent session
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.1
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: mikhail.kasimov@gmail.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---
CVE-2016-7545 info: http://seclists.org/oss-sec/2016/q3/606
==========
Hi,
When executing a program via the SELinux sandbox, the nonpriv session
can escape to the parent session by using the TIOCSTI ioctl to push
characters into the terminal's input buffer, allowing an attacker to
escape the sandbox.
$ cat test.c
#include