[pkg-apparmor] Bug#858768: apparmor: CVE-2017-6507
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 28 12:41:26 UTC 2017
Hi!
On Tue, Mar 28, 2017 at 02:27:35PM +0200, intrigeri wrote:
> Hi,
>
> Antoine Beaupre:
> > Jessie, on the other hand, does not seem to be vulnerable:
>
> From my reading of the code, it seems that Wheezy, Jessie and Stretch
> are all vulnerable, but only when using sysvinit. I've just fixed this
> issue in sid, and filed an unblock request for Stretch.
>
> But systems running systemd should not be vulnerable, as systemd
> doesn't use the "restart" action of initscripts: instead, it runs
> "stop" then "start". And the "stop" action in /etc/init.d/apparmor
> does not unload profiles (since 2.1+961-0ubuntu2 according to the
> changelog). I think this explains why Antoine could not reproduce the
> problem on Jessie.
>
> Salvatore: with this in mind, do you think we should fix this problem
> in Jessie? If yes, with a DSA or jessie-pu?
Thanks for the analysis. I just have marked the issue as no-dsa, I
think this does not warrant one, but can be fixed in an upcoming point
release.
Thanks a lot for your quick followups.
Regards,
Salvatore
More information about the pkg-apparmor-team
mailing list