[pkg-apparmor] Bug#929990: apparmor: CVE-2016-1585: mount rules grant excessive permissions

Salvatore Bonaccorso carnil at debian.org
Tue Jun 4 20:32:00 BST 2019


Source: apparmor
Version: 2.13.2-10
Severity: normal
Tags: security upstream
Forwarded: https://bugs.launchpad.net/apparmor/+bug/1597017
Control: found -1 2.11.0-3+deb9u2
Control: found -1 2.11.0-1 

Hi,

The following vulnerability was published for apparmor. This is
already discussed in the upstream bug, so this bug is really to track
the 'downstream' status for us in the Debian BTS. Would technically
not be needed but opted to file a bug still in the Debian BTS for it.
intrigeri has already explained the situation in the upstream bug.

CVE-2016-1585[0]:
| In all versions of AppArmor mount rules are accidentally widened when
| compiled.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-1585
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1585
[1] https://bugs.launchpad.net/apparmor/+bug/1597017

Regards,
Salvatore


