CVE-2017-6507

Priority
Medium
Description
An issue was discovered in AppArmor before 2.12. Incorrect handling of
unknown AppArmor profiles in the AppArmor init scripts, upstart jobs, and/or
systemd unit files may give an attacker an increased attack surface in
processes that were intended to be confined by AppArmor. The common logic
that handles 'restart' operations removes AppArmor profiles that are not
found in the typical filesystem locations, such as /etc/apparmor.d/.
Userspace projects that manage their own AppArmor profiles in atypical
directories, as LXD and Docker do, are affected by this flaw in the
AppArmor init script logic.
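To see which loaded profiles a host's 'restart' logic would treat as unknown, the check below (an added example, not code from AppArmor or from this tracker) compares a list of loaded profiles with a list of profile names defined in the typical locations. It assumes the loaded list uses the "name (mode)" line format of /sys/kernel/security/apparmor/profiles; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: list loaded AppArmor profiles that have no definition among
# the "known" profile names, i.e. the profiles a vulnerable 'restart' would
# remove, leaving the processes they confine without their intended profile.

# loaded_names FILE
# FILE holds one "name (mode)" entry per line. Strip the trailing mode.
loaded_names() {
    sed -e 's/ ([a-z]*)$//' "$1"
}

# unknown_profiles LOADED_FILE KNOWN_FILE
# KNOWN_FILE holds one profile name per line, for example the names that
# `apparmor_parser -N` reports for the files under /etc/apparmor.d/.
# Prints every loaded profile name that is absent from KNOWN_FILE.
unknown_profiles() {
    loaded_names "$1" | while IFS= read -r name; do
        [ -n "$name" ] || continue
        # -F: fixed string, -x: whole line, so "<", "/" and "." are literal.
        grep -Fxq -- "$name" "$2" || printf '%s\n' "$name"
    done
}

# demo_unknown
# Runs the check on constructed sample data (not taken from a real host).
demo_unknown() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        '/usr/sbin/tcpdump (enforce)' \
        '/usr/sbin/cupsd (complain)' \
        'docker-default (enforce)' \
        'lxd-web01_</var/lib/lxd> (enforce)' > "$tmp/loaded"
    printf '%s\n' \
        '/usr/sbin/tcpdump' \
        '/usr/sbin/cupsd' > "$tmp/known"
    unknown_profiles "$tmp/loaded" "$tmp/known"
    rm -rf "$tmp"
}

demo_unknown
```

On a live system, pass /sys/kernel/security/apparmor/profiles (readable by root) as the first argument; any name printed belongs to a profile managed outside the typical locations and is worth rechecking after an AppArmor restart on an unpatched release.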
References
Bugs
Assigned-to
tyhicks
Package
Upstream:needed
Ubuntu 17.10 (Artful Aardvark):released (2.11.0-2ubuntu3)
Ubuntu 12.04 ESM (Precise Pangolin):released (2.7.102-0ubuntu3.11)
Ubuntu 14.04 LTS (Trusty Tahr):released (2.10.95-0ubuntu2.6~14.04.1)
Ubuntu Touch 15.04:ignored (reached end-of-life)
Ubuntu Core 15.04:needed
Ubuntu 16.04 LTS (Xenial Xerus):released (2.10.95-0ubuntu2.6)
Ubuntu 16.10 (Yakkety Yak):released (2.10.95-4ubuntu5.3)
Ubuntu 17.04 (Zesty Zapus):released (2.11.0-2ubuntu3)
Patches:
Upstream:http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3647
Upstream:http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3648
More Information

Updated: 2017-06-15 16:17:09 UTC (commit 12747)