[pkg-apparmor] Bug#929990: apparmor: CVE-2016-1585: mount rules grant excessive permissions
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 4 20:32:00 BST 2019
Source: apparmor
Version: 2.13.2-10
Severity: normal
Tags: security upstream
Forwarded: https://bugs.launchpad.net/apparmor/+bug/1597017
Control: found -1 2.11.0-3+deb9u2
Control: found -1 2.11.0-1
Hi,
The following vulnerability was published for apparmor. This is
already siscussed in the upstream bug, so this bug is really to track
the 'downstream' status for us in the Debian BTS. Would technically
not be needed but opted to fill a bug still in the Debian BTS for it.
intrigeri has already explained the siutation in the upstream bug.
CVE-2016-1585[0]:
| In all versions of AppArmor mount rules are accidentally widened when
| compiled.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-1585
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1585
[1] https://bugs.launchpad.net/apparmor/+bug/1597017
Regards,
Salvatore
More information about the pkg-apparmor-team
mailing list