setroubleshoot is vulnerable to arbitrary command execution. The vulnerability exists because an SELinux denial can be triggered through a file name, which is handled by the _set_tpath function.
seclists.org/oss-sec/2016/q2/574
securitytracker.com/id/1036144
access.redhat.com/errata/RHSA-2016:1267
access.redhat.com/errata/RHSA-2016:1293
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1346461
github.com/fedora-selinux/setroubleshoot/commit/dda55aa50db95a25f0d919c3a0d5871827cdc40f
github.com/fedora-selinux/setroubleshoot/commit/e69378d7e82a503534d29c5939fa219341e8f2ad
rhn.redhat.com/errata/RHSA-2016-1267.html