UbuntuUpdates.org

Package "apparmor"

Name: apparmor

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • AppArmor debhelper routines
  • AppArmor Python utility library
  • AppArmor library Python bindings

Latest version: 2.10.95-0ubuntu2.12
Release: xenial (16.04)
Level: security
Repository: universe

Links



Other versions of "apparmor" in Xenial

Repository Area Version
base main 2.10.95-0ubuntu2
base universe 2.10.95-0ubuntu2
security main 2.10.95-0ubuntu2.12
updates main 2.10.95-0ubuntu2.12
updates universe 2.10.95-0ubuntu2.12

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.10.95-0ubuntu2.12 2023-07-03 03:07:13 UTC

  apparmor (2.10.95-0ubuntu2.12) xenial-security; urgency=medium

  * debian/lib/apparmor/functions: remove support for loading snapd
    generated profiles in /var/lib/snapd/apparmor/profiles as these are
    handled by snapd.apparmor.service (LP: #2024637)

 -- Alex Murray <email address hidden> Thu, 22 Jun 2023 16:58:05 +0930

Source diff to previous version
2024637 apparmor.service tries to load snapd generated apparmor profiles but fails

Version: 2.10.95-0ubuntu2.11 2019-06-05 20:07:06 UTC

  apparmor (2.10.95-0ubuntu2.11) xenial-security; urgency=medium

  * Make dnsmasq profile and Python utility changes necessary to continue
    working correctly after the Linux kernel change to address CVE-2019-11190.
    Without these changes, some profile transitions may be unintentionally
    denied. (LP: #1830802)
    - 0001-dnsmasq-allow-libvirt_leaseshelper-m-permission-on-i.patch
    - 0001-handle_children-automatically-add-m-permissions-on-i.patch

 -- Tyler Hicks <email address hidden> Tue, 28 May 2019 21:33:21 +0000

Source diff to previous version
1830802 AppArmor profile transition changes required by Linux kernel fix for CVE-2019-11190
CVE-2019-11190 The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in

Version: 2.10.95-0ubuntu2.10 2018-10-04 20:07:05 UTC

  apparmor (2.10.95-0ubuntu2.10) xenial-security; urgency=medium

  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

 -- Jamie Strandboge <email address hidden> Thu, 27 Sep 2018 18:23:46 +0000

Source diff to previous version
1794848 private-files-strict and user-files abstractions should also limit access to directories

Version: 2.10.95-0ubuntu2.6 2017-03-28 16:06:56 UTC

  apparmor (2.10.95-0ubuntu2.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script or upstart job
    as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

 -- Tyler Hicks <email address hidden> Wed, 15 Mar 2017 22:07:02 +0000

1668892 CVE-2017-6507: apparmor service restarts and package upgrades unload privately managed profiles
CVE-2017-6507 An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or syste



About   -   Send Feedback to @ubuntu_updates