I am running Focal Fossa and noticed that AppArmor was vulnerable (CVE-2016-1585). My automatic upgrade attempts were not upgrading from the vulnerable version 2.13.3-7ubuntu5.3build2 to the latest version 2.13.3-7ubuntu5.4. When investigating further it is because my systems are configured to only pull updates out of the security repository, which does not include this update.
I posted a question in the general AppArmor area and it was suggested to bring this up in this specific bug thread. The thought is that the version released around this bug should be included in the security repository, not just the update repository. If this is indeed an issue, the same can be said for the jammy releases as well. Link to my question: https://answers.launchpad.net/ubuntu/+source/apparmor/+question/818906 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1597017 Title: mount rules grant excessive permissions To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1597017/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
