Candidate: CVE-2017-11565
PublicDate: 2017-07-23 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11565
 https://twitter.com/pissquark/status/888142796414226432
 https://bugs.debian.org/869153
Description:
 debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was
 designed to execute aa-exec from the standard system pathname if the
 apparmor package is installed, but implements this incorrectly (with a
 wrong assumption that the specific pathname would remain the same forever),
 which allows attackers to bypass intended AppArmor restrictions by
 leveraging the silent loss of this protection mechanism. NOTE: this does
 not affect systems, such as default Debian stretch installations, on which
 Tor startup relies on a systemd unit file (instead of this tor.init
 script).
Ubuntu-Description:
 It was discovered that Tor incorrectly implemented AppArmor restrictions. An
 attacker could possibly bypass those restrictions and cause an unspecified
 impact.
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869153
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_tor:
upstream_tor: needed
precise/esm_tor: DNE
trusty_tor: ignored (out of standard support)
trusty/esm_tor: needed
vivid/ubuntu-core_tor: DNE
xenial_tor: not-affected (0.2.9.14-1ubuntu1~16.04.1)
zesty_tor: ignored (reached end-of-life)
artful_tor: ignored (reached end-of-life)
bionic_tor: not-affected (0.3.1.5-alpha-2)
cosmic_tor: not-affected (0.3.1.5-alpha-2)
disco_tor: not-affected (0.3.1.5-alpha-2)
eoan_tor: not-affected (0.3.1.5-alpha-2)
focal_tor: not-affected (0.3.1.5-alpha-2)
groovy_tor: not-affected (0.3.1.5-alpha-2)
hirsute_tor: not-affected (0.3.1.5-alpha-2)
impish_tor: not-affected (0.3.1.5-alpha-2)
jammy_tor: not-affected (0.3.1.5-alpha-2)
devel_tor: not-affected (0.3.1.5-alpha-2)