Public bug reported:
Binary package hint: apparmor-utils
/usr/sbin/audit and /usr/sbin/autodep and /usr/sbin/enforce have format
string bugs .
test case :
emanuel@emanuel-desktop:/tmp$ /usr/sbin/audit "/tmp/%n"
Modification of a read-only value attempted at /usr/sbin/audit line 122.
emanuel@emanuel-desktop:/tmp$ /usr/sbin/autodep "/tmp/%n"
Modification of a read-only value attempted at /usr/sbin/autodep line 112.
emanuel@emanuel-desktop:/tmp$ /usr/sbin/enforce "/tmp/%9999999999999s"
Integer overflow in format string for sprintf at /usr/sbin/enforce line 132.
the bug can be found at :
UI_Info(sprintf(gettext('%s does not exist, please double-check the path.') .
$profiling));
fix : (like in /usr/sbin/complain)
UI_Info(sprintf(gettext('%s does not exist, please double-check the path.'),
$profiling));
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/781961
Title:
Format string bugs in apparmor-utils
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
