Package "apparmor-profiles"
| Name: |
apparmor-profiles
|
Description: |
experimental profiles for AppArmor security policies
|
| Latest version: |
3.0.4-2ubuntu2.4 |
| Release: |
jammy (22.04) |
| Level: |
updates |
| Repository: |
main |
| Head package: |
apparmor |
| Homepage: |
https://apparmor.net/ |
Links
Download "apparmor-profiles"
Other versions of "apparmor-profiles" in Jammy
Changelog
|
apparmor (3.0.4-2ubuntu2.4) jammy-security; urgency=medium
* SECURITY UPDATE: Excessive permissions with mount rules (LP: #1597017)
- d/p/CVE-2016-1585/Merge-Fix-mount-rules-encoding.patch: fix mount
rules encoding in parser/mount.cc, parser/mount.h, parser/parser.h
and fix multiple test cases in parser/tst/simple_tests/mount/*.
- d/p/CVE-2016-1585/Support-rule-qualifiers-in-regression-tests.patch:
update rule qualifiers in regression tests in
tests/regression/apparmor/mkprofile.pl and
tests/regression/apparmor/capabilities.sh.
- d/p/CVE-2016-1585/Merge-expand-mount-tests.patch: expand mount
regression tests in tests/regression/apparmor/mount.c,
tests/regression/apparmor/mount.sh and
tests/regression/apparmor/mkprofile.pl.
- d/p/CVE-2016-1585/Check-for-newer-mount-options-in-regression-test.patch:
add check for newer mount options in regression tests in
tests/regression/apparmor/Makefile, tests/regression/apparmor/mount.c
and tests/regression/apparmor/mount.sh.
- d/p/CVE-2016-1585/Merge-Issue-312-added-missing-kernel-mount-options.patch:
add missing kernel mount options flag in parser/apparmor.d.pod,
parser/mount.cc, parser/mount.h, tests/regression/apparmor/mount.sh
and parser/tst/simple_tests/mount/*.
- d/p/CVE-2016-1585/Merge-extend-test-profiles-for-mount.patch: update
test profiles in parser/tst/simple_tests/mount/*.
- d/p/CVE-2016-1585/Merge-parser-fix-parsing-of-source-as-mount-point-fo.patch:
update gen_policy_change_mount_type() in parser/mount.cc and also
updated tests on parser/tst/simple_tests/mount/* and
tests/regression/apparmor/mount.sh.
- d/p/CVE-2016-1585/parser-Deprecation-warning-should-not-have-been-back.patch:
remove deprecation warning message in parser/mount.cc.
- d/p/CVE-2016-1585/parser-fix-rule-flag-generation-change_mount-type-ru.patch:
add device checks in gen_flag_rules() in parser/mount.cc and tests
in parser/tst/simple_tests/mount/*, parser/tst/equality.sh,
tests/regression/apparmor/mount.sh and
utils/test/test-parser-simple-tests.py.
- CVE-2016-1585
-- Rodrigo Figueiredo Zaiden <email address hidden> Tue, 06 Mar 2024 15:35:00 -0300
|
| Source diff to previous version |
| 1597017 |
mount rules grant excessive permissions |
| CVE-2016-1585 |
In all versions of AppArmor mount rules are accidentally widened when compiled. |
|
|
apparmor (3.0.4-2ubuntu2.3build2) jammy-security; urgency=medium
* No-change re-build upload for the jammy-security pocket as part
of the preparation for addressing CVE-2016-1585 (LP: #1597017)
-- Steve Beattie <email address hidden> Tue, 27 Aug 2024 14:48:42 -0700
|
| Source diff to previous version |
| 1597017 |
mount rules grant excessive permissions |
| CVE-2016-1585 |
In all versions of AppArmor mount rules are accidentally widened when compiled. |
|
|
apparmor (3.0.4-2ubuntu2.3) jammy; urgency=medium
* Add support for applications like evince opening browsers
distributed as snaps (LP: #1794064)
- d/p/u/add-snap-browsers-profile-lp1794064.patch: add
a snap-browsers abstraction profile to let applications like
evince spawn browsers distributed as snaps
- d/p/u/update-snap-browsers-permissions-lp1794064.patch: update
snap-browsers abstraction with missing permissions
-- Georgia Garcia <email address hidden> Mon, 05 Jun 2023 15:58:43 -0300
|
| Source diff to previous version |
| 1794064 |
Clicking a hyperlink in a PDF fails to open it if the default browser is a snap |
|
|
apparmor (3.0.4-2ubuntu2.2) jammy; urgency=medium
* Add mqueue patches. LP: #1993353
- u/mqueue1-parser-add-parser-support-for-message-queue-mediatio.patch:
add parser support for mqueue mediation
- u/mqueue2-tests-add-posix-message-queue-regression-tests.patch: add
posix mqueue regression tests
- u/mqueue3-utils-add-message-queue-rules-parsing-in-python-tool.patch:
add support in python tools to parse mqueue rules
- u/mqueue4-parser-add-parser-simple-tests-for-mqueue-rules.patch: add
parser simple tests for mqueue
- u/mqueue5-parser-Add-a-set-of-debug-flags-that-can-be-passed-t.patch:
add debug flags that can be passed to the kernel
- u/mqueue6-parser-Set-the-DEBUG1-flag-on-profiles-that-use-mque.patch:
set DEBUG1 on mqueue rules
- u/mqueue7-parser-place-perm-on-name-as-well-as-name-label-comb.patch:
add permissions on name and also on name + label
- u/mqueue8-libapparmor-add-support-for-requested-and-denied-on-.patch:
add parsing support for "denied" and "requested" from audit logs
- u/mqueue9-libapparmor-add-support-for-class-in-logparsing.patch: add
parsing support for "class" from audit logs
- u/mqueue10-utils-add-logparser-support-for-mqueue.patch: add logparser
support for mqueue rules
- u/mqueue11-tests-add-sysv-message-queue-regression-tests.patch: add
sysv mqueue regression tests
- debian/rules: create mqueue testcase empty files for libapparmor tests.
* Closes LP: #1994146
-- Georgia Garcia <email address hidden> Wed, 19 Oct 2022 11:52:00 -0300
|
| Source diff to previous version |
| 1993353 |
Add posix message queue IPC mediation |
| 1994146 |
[SRU] apparmor - Focal, Jammy |
|
|
apparmor (3.0.4-2ubuntu2.1) jammy; urgency=medium
* Add upstream commit to remove dbus deny rule from exo-open abstraction
to fix evince startup (LP: #1969896)
- d/p/u/abstraction-exo-open-Remove-dbus-deny-rule.patch
-- Alex Murray <email address hidden> Tue, 21 Jun 2022 14:16:01 +0930
|
| 1969896 |
Evince Document Viewer(42.0) does not remember last page in 22.04 and opens in a tiny window when launched |
|
About
-
Send Feedback to @ubuntu_updates
