CVE-2017-6507 (retired)

Priority
Description
An issue was discovered in AppArmor before 2.12. Incorrect handling of
unknown AppArmor profiles in the AppArmor init scripts, upstart jobs, and/or
systemd unit files may give an attacker an increased attack surface in
processes that were intended to be confined by AppArmor. The cause is that
the common logic for handling 'restart' operations removes AppArmor
profiles that aren't found in the typical filesystem locations, such as
/etc/apparmor.d/. Userspace projects that manage their own AppArmor
profiles in atypical directories, as LXD and Docker do, are affected by
this flaw in the AppArmor init script logic.
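A pre-restart audit for the condition described above, as an added example (not code from AppArmor or Ubuntu): it lists loaded profiles that have no definition among the configured profile names, which are the ones the affected restart logic would remove. The function names, sample profile names and file layout are assumptions made for illustration; the snapshot format is that of /sys/kernel/security/apparmor/profiles.

```shell
#!/bin/sh
# Added example, not part of the original advisory or of AppArmor itself.

# loaded_names FILE
# Prints profile names from a snapshot in the format of
# /sys/kernel/security/apparmor/profiles: "<name> (<mode>)" per line.
loaded_names() {
    sed -e 's/ ([a-z]*)$//' "$1" | LC_ALL=C sort -u
}

# at_risk_profiles LOADED_SNAPSHOT CONFIGURED_NAMES
# CONFIGURED_NAMES holds one profile name per line for the profiles defined
# in the typical locations (for example /etc/apparmor.d/).
# Prints loaded profiles that are absent from that list.
at_risk_profiles() {
    tmp=$(mktemp -d) || return 1
    loaded_names "$1" > "$tmp/loaded"
    LC_ALL=C sort -u "$2" > "$tmp/configured"
    # comm -23 keeps lines that appear only in the first (loaded) file.
    LC_ALL=C comm -23 "$tmp/loaded" "$tmp/configured"
    rm -rf "$tmp"
}

# Constructed sample data: two profiles from /etc/apparmor.d/ plus two
# loaded by container tooling from its own directories.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/loaded" <<'EOF'
/usr/sbin/tcpdump (enforce)
docker-default (enforce)
lxd-web01_</var/lib/lxd> (enforce)
/usr/sbin/cupsd (complain)
EOF
    cat > "$d/configured" <<'EOF'
/usr/sbin/cupsd
/usr/sbin/tcpdump
EOF
    at_risk_profiles "$d/loaded" "$d/configured"
    rm -rf "$d"
}

demo
```

On a live host the first argument would be a copy of /sys/kernel/security/apparmor/profiles taken before the restart; running `loaded_names` on a second copy taken afterwards shows whether any of the listed profiles actually disappeared.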
Assigned-to
tyhicks
Package
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): released (2.7.102-0ubuntu3.11)
Ubuntu 14.04 LTS (Trusty Tahr): released (2.10.95-0ubuntu2.6~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus): released (2.10.95-0ubuntu2.6)
Patches:
Upstream: http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3647
Upstream: http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3648
More Information

Updated: 2019-03-26 12:26:15 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)