@Simon, thank you for the link, that also clarifies Steve's comment
(https://bugs.launchpad.net/apparmor/+bug/1597017/comments/25) earlier
in this thread which I didn't interpret appropriately during first read
through. Based on the linked thread the plan was to publish to the
security repository l
@Andrew: Simon is correct. This update deliberately had an unusual roll-
out where it went to updates first so that it could be phased, and we
could roll back if the phasing showed a problem.
The security pocket was not updated specifically to provide a users a
way to easily revert the update.
As
@Andrew, I think publishing to -updates first and then to -security was
intentional per https://discourse.ubuntu.com/t/upcoming-apparmor-
security-update-for-cve-2016-1585/44268/3
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https:/
I am running Focal Fossa and noticed that AppArmor was vulnerable
(CVE-2016-1585). My automatic upgrade attempts were not upgrading from
the vulnerable version 2.13.3-7ubuntu5.3build2 to the latest version
2.13.3-7ubuntu5.4. When investigating further it is because my systems
are configured to only
This bug was fixed in the package apparmor - 2.13.3-7ubuntu5.4
---
apparmor (2.13.3-7ubuntu5.4) focal-security; urgency=medium
* SECURITY UPDATE: Excessive permissions with mount rules (LP: #1597017)
-
d/p/CVE-2016-1585/parser-Fix-expansion-of-variables-in-unix-rules-addr.patch
This bug was fixed in the package apparmor - 3.0.4-2ubuntu2.4
---
apparmor (3.0.4-2ubuntu2.4) jammy-security; urgency=medium
* SECURITY UPDATE: Excessive permissions with mount rules (LP: #1597017)
- d/p/CVE-2016-1585/Merge-Fix-mount-rules-encoding.patch: fix mount
rules e
Autopkgtests preventing migration look good now.
All have passed and cleared up in update_excuses
(only libreoffice/jammy/armhf running; expecting
it to pass based on previous history and results
from same package/version in other architectures).
Proceeding with release to Jammy and Focal.
--
Y
** Description changed:
+ [Impact]
+
+ * The mount rules in apparmor grant excessive permissions.
+See Original Report below.
+
+ [Test Plan]
+
+ * https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor
+See comment 26 for context.
+
+ [Other Info]
+
SRU Team; the packages for
Thanks, Rodrigo!
There are outdated autopkgtests (i.e., ran against reverse-test-deps
that now have newer versions in -updates), which I triggered reruns for.
Once that looks good (hopefully during my shift today, or maybe
tomorrow), I'll take a look for release.
Details:
---
jammy:
https://ubu
Testing Documentation:
This update was tested following the guidelines available at:
https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor
In summary, they are:
- AppArmor cache files verification;
- Basic Ubuntu login tests: network, browser, apt;
- LXC, LXD, Docker basic operations and appa
** Tags removed: verification-needed-focal verification-needed-jammy
** Tags added: verification-done-focal verification-done-jammy
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscr
Actual fixed versions for this issue are still sitting in focal-proposed
and jammy-proposed. However, we did a no-change rebuild ofthe current
versions in the respective updates pockets to the security pocket, so
that the version in proposed could be published first in the updates
pocket, but leavi
This bug was fixed in the package apparmor - 2.13.3-7ubuntu5.3build2
---
apparmor (2.13.3-7ubuntu5.3build2) focal-security; urgency=medium
* No-change re-build upload for the focal-security pocket as part
of the preparation for addressing CVE-2016-1585 (LP: #1597017)
-- Steve
This bug was fixed in the package apparmor - 3.0.4-2ubuntu2.3build2
---
apparmor (3.0.4-2ubuntu2.3build2) jammy-security; urgency=medium
* No-change re-build upload for the jammy-security pocket as part
of the preparation for addressing CVE-2016-1585 (LP: #1597017)
-- Steve Be
Hi, gentle ping on this; is there an ETA for this to land in 22.04? Let
me know if I can help with testing.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1597017
Title:
mount rules grant excessive p
I've been running this update on Jammy since 2024-04-18 with no visible
side effect:
$ zgrep -w1 apparmor /var/log/apt/history.log.2.gz
Start-Date: 2024-04-18 12:48:18
Commandline: apt install apparmor/jammy-proposed
Requested-By: sdeziel (1000)
Upgrade: apparmor:amd64 (3.0.4-2ubuntu2.3, 3.0.4-2
Hello John, or anyone else affected,
Accepted apparmor into jammy-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/apparmor/3.0.4-2ubuntu2.4 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://
It is in the SRU queue and the current ETA is April 15 to land in the
proposed pocket (archive proposed not security proposed ppa), there is a
caveat that the recent xz backdoor has caused some "fun" on the archive
side and could potentially cause some delays.
--
You received this bug notificatio
Hello,
A gentle ping on this issue, it still shows up on jammy security report
and looks like 2ubuntu2.3 here
https://changelogs.ubuntu.com/changelogs/pool/main/a/apparmor/apparmor_3.0.4-2ubuntu2.3/changelog
doesn't have the fix.
@jjohansen can we please advise on when the fix will be backported
** Description changed:
+ SRU Team; the packages for focal-proposed and jammy-proposed are
+ intended as security updates prepared by the Ubuntu Security team (and
+ have built in a ppa with only the security pockets enabled). However,
+ because the fix makes mount rules in apparmor policy be trea
FYI This is now in the jammy and focal upload queues to go to -proposed.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1597017
Title:
mount rules grant excessive permissions
To manage notifications
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Focal)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu)
Status:
22 matches
Mail list logo
