UbuntuUpdates.org

Package "apparmor-profiles"

Name: apparmor-profiles

Description:

profiles for AppArmor Security policies

Latest version: 2.10.95-0ubuntu2.12
Release: xenial (16.04)
Level: security
Repository: main
Head package: apparmor
Homepage: http://apparmor.net/

Links


Download "apparmor-profiles"


Other versions of "apparmor-profiles" in Xenial

Repository Area Version
base main 2.10.95-0ubuntu2
updates main 2.10.95-0ubuntu2.12

Changelog

Version: 2.10.95-0ubuntu2.12 2023-07-03 03:07:12 UTC

  apparmor (2.10.95-0ubuntu2.12) xenial-security; urgency=medium

  * debian/lib/apparmor/functions: remove support for loading snapd
    generated profiles in /var/lib/snapd/apparmor/profiles as these are
    handled by snapd.apparmor.service (LP: #2024637)

 -- Alex Murray <email address hidden> Thu, 22 Jun 2023 16:58:05 +0930

Source diff to previous version
2024637 apparmor.service tries to load snapd generated apparmor profiles but fails

Version: 2.10.95-0ubuntu2.11 2019-06-05 20:07:03 UTC

  apparmor (2.10.95-0ubuntu2.11) xenial-security; urgency=medium

  * Make dnsmasq profile and Python utility changes necessary to continue
    working correctly after the Linux kernel change to address CVE-2019-11190.
    Without these changes, some profile transitions may be unintentionally
    denied. (LP: #1830802)
    - 0001-dnsmasq-allow-libvirt_leaseshelper-m-permission-on-i.patch
    - 0001-handle_children-automatically-add-m-permissions-on-i.patch

 -- Tyler Hicks <email address hidden> Tue, 28 May 2019 21:33:21 +0000

Source diff to previous version
1830802 AppArmor profile transition changes required by Linux kernel fix for CVE-2019-11190
CVE-2019-11190 The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in

Version: 2.10.95-0ubuntu2.10 2018-10-04 20:07:03 UTC

  apparmor (2.10.95-0ubuntu2.10) xenial-security; urgency=medium

  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

 -- Jamie Strandboge <email address hidden> Thu, 27 Sep 2018 18:23:46 +0000

Source diff to previous version
1794848 private-files-strict and user-files abstractions should also limit access to directories

Version: 2.10.95-0ubuntu2.6 2017-03-28 16:06:55 UTC

  apparmor (2.10.95-0ubuntu2.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script or upstart job
    as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

 -- Tyler Hicks <email address hidden> Wed, 15 Mar 2017 22:07:02 +0000

1668892 CVE-2017-6507: apparmor service restarts and package upgrades unload privately managed profiles
CVE-2017-6507 An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or syste



About   -   Send Feedback to @ubuntu_updates