CVE-2017-6507

Priority
Description
An issue was discovered in AppArmor before 2.12. Incorrect handling of
unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or
systemd unit files may give an attacker an increased attack surface in
processes that were intended to be confined by AppArmor. The cause is the
common logic for handling 'restart' operations, which removes AppArmor
profiles that aren't found in the typical filesystem locations, such as
/etc/apparmor.d/. Userspace projects that manage their own AppArmor
profiles in atypical directories, as LXD and Docker do, are affected by
this flaw in the AppArmor init script logic.
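
A defender-side check for the condition described above, as an added example that is not part of the original advisory or the AppArmor code: it lists loaded profiles that are not defined under the usual profile directory, which are the ones the affected 'restart' logic would treat as unknown. The profile names and both input files are constructed; the function names are hypothetical, and building the known list with `apparmor_parser -N` is an assumption about how you collect it on a real host.

```shell
#!/bin/sh
# Added example: find loaded AppArmor profiles that have no definition in the
# typical location (/etc/apparmor.d/). Function names here are hypothetical.

# loaded_names FILE
# FILE is in the format of /sys/kernel/security/apparmor/profiles, one
# "name (mode)" entry per line. Prints the names with the mode stripped.
loaded_names() {
    sed -e 's/ ([^()]*)$//' "$1" | sort -u
}

# unknown_profiles LOADED_FILE KNOWN_FILE
# KNOWN_FILE holds one profile name per line for everything defined under
# /etc/apparmor.d/ (assumption: collected with `apparmor_parser -N` per file).
# Prints loaded profiles that are absent from KNOWN_FILE.
unknown_profiles() {
    loaded_names "$1" | awk -v known="$2" '
        BEGIN { while ((getline line < known) > 0) seen[line] = 1 }
        !($0 in seen)'
}

# Constructed sample data: two distribution profiles plus profiles of the kind
# Docker and LXD load from their own directories.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/loaded" <<'EOF'
/usr/sbin/cupsd (enforce)
/usr/sbin/tcpdump (enforce)
docker-default (enforce)
lxd-c1_</var/lib/lxd> (enforce)
EOF
    cat > "$tmp/known" <<'EOF'
/usr/sbin/cupsd
/usr/sbin/tcpdump
EOF
    unknown_profiles "$tmp/loaded" "$tmp/known"
    rm -rf "$tmp"
}

demo
```

Any name this prints on a host running an unfixed package belongs to a profile that should be checked again after an AppArmor restart, since the owning service would have to reload it.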
Assigned-to
tyhicks
Notes
Package
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): released (2.7.102-0ubuntu3.11)
Ubuntu 14.04 ESM (Trusty Tahr): released (2.10.95-0ubuntu2.6~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus): released (2.10.95-0ubuntu2.6)
Patches:
Upstream: http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3647
Upstream: http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3648
More Information

Updated: 2020-09-10 05:40:59 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)