Public bug reported:

[Impact]

* As discussed in bug #1628745, the following kernel commit changes
  AppArmor mediation behavior on exec transitions:

   commit 9f834ec18defc369d73ccf9e87a2790bfa05bf46
   Author: Linus Torvalds <torva...@linux-foundation.org>
   Date: Mon Aug 22 16:41:46 2016 -0700

       binfmt_elf: switch to new creds when switching to new mm

* This change made its way into the Xenial kernel that's currently in
  xenial-proposed (4.4.0-149.175-generic) as it fixes CVE-2019-11190.

* jdstrand identified a couple missing fixes that are needed from the
  AppArmor tree:

  d8278f51ecb3c736d697fa367faf99457210a7d8
  7a49f37c2481f761f8304712aa380acddfdb6303

[Test Case]

TODO

[Regression Potential]

The dnsmasq profile change adds permissions to the child profile.
There's really no chance of regression involved there.

The aa.py change adds the 'm' permission to the allowed permissions of a
binary on ix transitions. While there is a code change involved, it is a
small change and the resulting profile output involves no risk of
regression.

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New
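
The aa.py change described under [Regression Potential] concerns ix rules that do not also grant 'm'. The following is an added example, not code from this bug report or from the AppArmor project: a small checker that lists such rules in profile text. It assumes unquoted, path-first file rules written one per line; the sample profile and the helper names are constructed for illustration.

```python
import re

# Path-first file rule: optional qualifiers, a path, a permission string, a comma.
# Assumption: unquoted paths, one rule per line. 'deny' rules are skipped on purpose.
RULE = re.compile(
    r'^\s*(?:(?:audit|owner)\s+)*'
    r'(?P<path>(?:/|@\{)\S*)\s+(?P<perms>[A-Za-z]+)\s*,'
)
# 'ix' not preceded by p/P/c/C, i.e. a plain inherit-exec mode (not Pix/Cix).
PLAIN_IX = re.compile(r'(?<![pPcC])ix')

# Constructed sample, not taken from any packaged profile.
SAMPLE_PROFILE = """\
# constructed example profile
/usr/bin/example {
  #include <abstractions/base>
  /usr/bin/example mr,
  /bin/cat ix,
  /bin/grep rix,
  /usr/bin/helper mrix,
  /usr/bin/other Px,
  owner /usr/lib/example/plugin-* rix,
  /usr/bin/fallback Pix,
  deny /bin/su x,
}
"""

def ix_rules_missing_m(profile_text):
    """Return (line_no, path, perms) for plain ix rules that do not grant 'm'."""
    findings = []
    for line_no, line in enumerate(profile_text.splitlines(), 1):
        line = line.split('#', 1)[0]  # drop comments and #include lines
        match = RULE.match(line)
        if not match:
            continue
        perms = match.group('perms')
        if PLAIN_IX.search(perms) and 'm' not in perms:
            findings.append((line_no, match.group('path'), perms))
    return findings

def add_m(perms):
    """Return the permission string with 'm' added (order is not significant)."""
    return perms if 'm' in perms else 'm' + perms

if __name__ == "__main__":
    for line_no, path, perms in ix_rules_missing_m(SAMPLE_PROFILE):
        print(f"line {line_no}: {path} {perms} -> {add_m(perms)}")
```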

https://bugs.launchpad.net/bugs/1830802

Title:
  AppArmor profile transition changes required by Linux kernel fix for
  CVE-2019-11190

Status in apparmor package in Ubuntu:
  New

