1. Home
  2. Security Advisories
  3. Ubuntu
  4. USN-4008-2

[USN-4008-2] AppArmor update

Severity Low
Affected Packages 16
CVEs 1
Info Packages Vulnerabilities

Several policy updates were made for running under the recently updated Linux kernel.

USN-4008-1 fixed multiple security issues in the Linux kernel. This update
provides the corresponding changes to AppArmor policy for correctly
operating under the Linux kernel with fixes for CVE-2019-11190. Without
these changes, some profile transitions may be unintentionally denied due
to missing mmap ('m') rules.

Original advisory details:

Robert Święcki discovered that the Linux kernel did not properly apply
Address Space Layout Randomization (ASLR) in some situations for setuid elf
binaries. A local attacker could use this to improve the chances of
exploiting an existing vulnerability in a setuid elf binary.
(CVE-2019-11190)

It was discovered that a null pointer dereference vulnerability existed in
the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash). (CVE-2019-11810)

It was discovered that a race condition leading to a use-after-free existed
in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux
kernel. The RDS protocol is disabled via blocklist by default in Ubuntu. If
enabled, a local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2019-11815)

Federico Manuel Bento discovered that the Linux kernel did not properly
apply Address Space Layout Randomization (ASLR) in some situations for
setuid a.out binaries. A local attacker could use this to improve the
chances of exploiting an existing vulnerability in a setuid a.out binary.
(CVE-2019-11191)

As a hardening measure, this update disables a.out support.

Package Affected Version
pkg:deb/ubuntu/python3-libapparmor?distro=xenial < 2.10.95-0ubuntu2.11
pkg:deb/ubuntu/python3-apparmor?distro=xenial < 2.10.95-0ubuntu2.11
pkg:deb/ubuntu/python-libapparmor?distro=xenial < 2.10.95-0ubuntu2.11
pkg:deb/ubuntu/python-apparmor?distro=xenial < 2.10.95-0ubuntu2.11
pkg:deb/ubuntu/libpam-apparmor?distro=xenial < 2.10.95-0ubuntu2.11
pkg:deb/ubuntu/libapparmor1?distro=xenial < 2.10.95-0ubuntu2.11
pkg:deb/ubuntu/libapparmor-perl?distro=xenial < 2.10.95-0ubuntu2.11
pkg:deb/ubuntu/libapparmor-dev?distro=xenial < 2.10.95-0ubuntu2.11
pkg:deb/ubuntu/libapache2-mod-apparmor?distro=xenial < 2.10.95-0ubuntu2.11
pkg:deb/ubuntu/dh-apparmor?distro=xenial < 2.10.95-0ubuntu2.11
pkg:deb/ubuntu/apparmor?distro=xenial < 2.10.95-0ubuntu2.11
pkg:deb/ubuntu/apparmor-utils?distro=xenial < 2.10.95-0ubuntu2.11
pkg:deb/ubuntu/apparmor-profiles?distro=xenial < 2.10.95-0ubuntu2.11
pkg:deb/ubuntu/apparmor-notify?distro=xenial < 2.10.95-0ubuntu2.11
pkg:deb/ubuntu/apparmor-easyprof?distro=xenial < 2.10.95-0ubuntu2.11
pkg:deb/ubuntu/apparmor-docs?distro=xenial < 2.10.95-0ubuntu2.11
ID
USN-4008-2
Severity
low
URL
https://ubuntu.com/security/notices/USN-4008-2
Published
2019-06-05T19:43:51
(5 years ago)
Modified
2019-06-05T19:43:51
(5 years ago)
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/python3-libapparmor?distro=xenial ubuntu python3-libapparmor < 2.10.95-0ubuntu2.11 xenial
Affected pkg:deb/ubuntu/python3-apparmor?distro=xenial ubuntu python3-apparmor < 2.10.95-0ubuntu2.11 xenial
Affected pkg:deb/ubuntu/python-libapparmor?distro=xenial ubuntu python-libapparmor < 2.10.95-0ubuntu2.11 xenial
Affected pkg:deb/ubuntu/python-apparmor?distro=xenial ubuntu python-apparmor < 2.10.95-0ubuntu2.11 xenial
Affected pkg:deb/ubuntu/libpam-apparmor?distro=xenial ubuntu libpam-apparmor < 2.10.95-0ubuntu2.11 xenial
Affected pkg:deb/ubuntu/libapparmor1?distro=xenial ubuntu libapparmor1 < 2.10.95-0ubuntu2.11 xenial
Affected pkg:deb/ubuntu/libapparmor-perl?distro=xenial ubuntu libapparmor-perl < 2.10.95-0ubuntu2.11 xenial
Affected pkg:deb/ubuntu/libapparmor-dev?distro=xenial ubuntu libapparmor-dev < 2.10.95-0ubuntu2.11 xenial
Affected pkg:deb/ubuntu/libapache2-mod-apparmor?distro=xenial ubuntu libapache2-mod-apparmor < 2.10.95-0ubuntu2.11 xenial
Affected pkg:deb/ubuntu/dh-apparmor?distro=xenial ubuntu dh-apparmor < 2.10.95-0ubuntu2.11 xenial
Affected pkg:deb/ubuntu/apparmor?distro=xenial ubuntu apparmor < 2.10.95-0ubuntu2.11 xenial
Affected pkg:deb/ubuntu/apparmor-utils?distro=xenial ubuntu apparmor-utils < 2.10.95-0ubuntu2.11 xenial
Affected pkg:deb/ubuntu/apparmor-profiles?distro=xenial ubuntu apparmor-profiles < 2.10.95-0ubuntu2.11 xenial
Affected pkg:deb/ubuntu/apparmor-notify?distro=xenial ubuntu apparmor-notify < 2.10.95-0ubuntu2.11 xenial
Affected pkg:deb/ubuntu/apparmor-easyprof?distro=xenial ubuntu apparmor-easyprof < 2.10.95-0ubuntu2.11 xenial
Affected pkg:deb/ubuntu/apparmor-docs?distro=xenial ubuntu apparmor-docs < 2.10.95-0ubuntu2.11 xenial
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date