Description
Security update for apparmor
This update for apparmor provides the following fixes:
This security issue was fixed:
- CVE-2017-6507: Preserve unknown profiles when reloading apparmor.service (bsc#1029696)
These non-security issues were fixed:
- Add tunables/kernelvars abstraction. (bsc#1031529)
- Update flags of ntpd profile. (bsc#1022610)
- Force AppArmor to start after /var/lib mounts. (bsc#1016259)
- Update mlmmj profiles. (bsc#1000201)
Package list
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP2
References
- Link for SUSE-SU-2017:1151-1
- E-Mail link for SUSE-SU-2017:1151-1
- SUSE Security Ratings
- SUSE Bug 1000201
- SUSE Bug 1016259
- SUSE Bug 1022610
- SUSE Bug 1029696
- SUSE Bug 1031529
- SUSE CVE CVE-2017-6507 page
Description
An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle 'restart' operations removing AppArmor profiles that aren't found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what's done by LXD and Docker, are affected by this flaw in the AppArmor init script logic.
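To see which confined workloads depend on profiles outside /etc/apparmor.d/, the following added example (not code from AppArmor or SUSE) compares the kernel's loaded-profile listing with the profile names defined on disk and reports the ones the restart logic described above would treat as unknown. The sample data is constructed, the function names are hypothetical, and the on-disk name set is assumed to be collected separately, for instance with `apparmor_parser -N` on each profile file.

```python
# Added example: list loaded AppArmor profiles that have no definition on disk.

# Constructed sample in the "name (mode)" format of
# /sys/kernel/security/apparmor/profiles.
SAMPLE_LOADED = """\
/usr/sbin/ntpd (enforce)
/usr/sbin/ntpd//helper (enforce)
/usr/bin/mlmmj-send (complain)
docker-default (enforce)
lxd-web01_</var/lib/lxd> (enforce)
"""

# Constructed sample: profile names defined under /etc/apparmor.d/.
SAMPLE_ON_DISK = {"/usr/sbin/ntpd", "/usr/bin/mlmmj-send"}


def parse_loaded(text):
    """Return {profile_name: mode} parsed from the kernel's profile listing."""
    profiles = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Names may contain spaces or parentheses; the mode is the final "(...)".
        name, sep, mode = line.rpartition(" (")
        if not sep or not mode.endswith(")"):
            raise ValueError(f"unrecognised profile line: {line!r}")
        profiles[name] = mode[:-1]
    return profiles


def unknown_profiles(loaded_text, on_disk_names):
    """Return sorted (name, mode) pairs loaded in the kernel but not on disk."""
    known = set(on_disk_names)
    unknown = []
    for name, mode in parse_loaded(loaded_text).items():
        # Assumption: a child profile ("parent//child") counts as known
        # when its top-level parent is defined on disk.
        parent = name.split("//", 1)[0]
        if name not in known and parent not in known:
            unknown.append((name, mode))
    return sorted(unknown)


if __name__ == "__main__":
    for name, mode in unknown_profiles(SAMPLE_LOADED, SAMPLE_ON_DISK):
        print(f"not defined in /etc/apparmor.d/: {name} ({mode})")
```

Any profile this reports on an unpatched host is one to verify as still loaded after an apparmor.service restart or reload.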
Affected products
References
- CVE-2017-6507
- SUSE Bug 1029696