CVE-2016-1585

Опубликовано: 22 апр. 2019

Источник: debian

EPSS Низкий

Описание

In all versions of AppArmor mount rules are accidentally widened when compiled.

Пакет	Статус	Версия исправления	Релиз	Тип
apparmor	fixed	3.0.12-1		package

https://bugs.launchpad.net/apparmor/+bug/1597017
https://bugzilla.opensuse.org/show_bug.cgi?id=995594
Introduced around AppArmor 2.8 upstream.
Mount rules support is enabled in Debian, but the impact of the issue is
limited to 1. lxc (not a regression, as Debian never confined LXC with AppArmor
by default before buster, in particular not with mount rules), 2. libvirtd
but the profile is not meant to be a strong security boundary.
https://bugs.launchpad.net/apparmor/+bug/1597017/comments/6
https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.10
Fixed by: https://gitlab.com/apparmor/apparmor/-/commit/262fd11359432888292952e5ed29bead5ace16f0 (v3.0.10)
Negligible security impact / known limitation

EPSS

Процентиль: 24%

0.00078

Низкий

CVE-2016-1585

CVSS3: 9.8

ubuntu

около 6 лет назад

In all versions of AppArmor mount rules are accidentally widened when compiled.

CVE-2016-1585

CVSS3: 9.8

nvd

около 6 лет назад

In all versions of AppArmor mount rules are accidentally widened when compiled.

CVE-2016-1585

CVSS3: 9.8

msrc

больше 4 лет назад

Описание отсутствует

GHSA-gpv3-8hmx-cqqf

CVSS3: 9.8

github

около 3 лет назад

In all versions of AppArmor mount rules are accidentally widened when compiled.

EPSS

Процентиль: 24%

0.00078

Низкий