Package "apparmor"
| Name: |
apparmor
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- AppArmor debhelper routines
- AppArmor Python utility library
- AppArmor library Python bindings
|
| Latest version: |
2.10.95-0ubuntu2.12 |
| Release: |
xenial (16.04) |
| Level: |
updates |
| Repository: |
universe |
Links
Other versions of "apparmor" in Xenial
Packages in group
Deleted packages are displayed in grey.
Changelog
|
apparmor (2.10.95-0ubuntu2.7) xenial; urgency=medium
* Remove initramfs-tools from the dependencies; this isn't used and the
dependency has been dropped in later releases. LP: #1713169.
-- Steve Langasek <email address hidden> Fri, 25 Aug 2017 16:54:53 -0700
|
| Source diff to previous version |
|
apparmor (2.10.95-0ubuntu2.6) xenial-security; urgency=medium
* SECURITY UPDATE: Don't unload unknown profiles during package
configuration or when restarting the apparmor init script or upstart job
as this could leave processes unconfined (LP: #1668892)
- debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
Remove calls to unload_obsolete_profiles()
- debian/patches/utils-add-aa-remove-unknown.patch,
debian/apparmor.install debian/apparmor.manpages: Include a new utility,
aa-remove-unknown, which can be used to unload unknown profiles
- CVE-2017-6507
-- Tyler Hicks <email address hidden> Wed, 15 Mar 2017 22:07:02 +0000
|
| Source diff to previous version |
| 1668892 |
CVE-2017-6507: apparmor service restarts and package upgrades unload privately managed profiles |
| CVE-2017-6507 |
An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or syste |
|
|
apparmor (2.10.95-0ubuntu2.5) xenial; urgency=medium
* debian/lib/apparmor/functions, debian/apparmor.init,
debian/apparmor.service, debian/apparmor.upstart,
debian/lib/apparmor/profile-load: Adjust the checks that previously kept
AppArmor policy from being loaded while booting a container. Now we
attempt to load policy if we're in a LXD or LXC managed container that is
using profile stacking inside of a policy namespace. (LP: #1628285)
* Fix regression tests for stacking so that the kernel SRU process is not
interrupted by failing tests whenever the AppArmor stacking features are
backported from the 16.10 kernel or when the 16.04 LTS Enablement Stack
receives a 4.8 or newer kernel
- debian/patches/r3509-tests-fix-exec_stack-errors-1.patch: Fix the
exec_stack.sh test when running on 4.8 or newer kernels (LP: #1628745)
- debian/patches/r3558-tests-fix-exec_stack-errors-2.patch: Adjust the
exec_stack.sh fix mentioned above to more accurately test kernels older
than 4.8 (LP: #1630069)
- debian/patches/allow-stacking-tests-to-use-system.patch: Apply this
patch earlier in the series, as to match when it was committed upstream,
so that the above two patches can be cherry-picked from lp:apparmor
-- Tyler Hicks <email address hidden> Fri, 07 Oct 2016 05:21:44 +0000
|
| Source diff to previous version |
| 1628285 |
apparmor should be allowed to start in containers |
| 1628745 |
Change in kernel exec transition behavior causes regression tests to fail |
| 1630069 |
Regression tests can not detect binfmt_elf mmpa semantic change |
|
|
apparmor (2.10.95-0ubuntu2.2) xenial; urgency=medium
* r3498-r3499-ignore-net-events-that-look-like-file-events.patch: Prevent an
aa-logprof crash by ignoring file events that contains send *and* receive
in the request mask. This is an improvement to the previous fix that only
addressed events that contained send *or* receive.
(LP: #1577051, LP: #1582374)
- debian/rules: Create a new empty file, needed for the test added by this
patch, since quilt is unable to do so.
-- Tyler Hicks <email address hidden> Mon, 01 Aug 2016 18:03:36 -0500
|
| 1577051 |
aa-logprof fails with unknown mode \ |
| 1582374 |
Log contains unknown mode senw |
|
About
-
Send Feedback to @ubuntu_updates
