Dan Rosenberg discovered that the example AppArmor profile for chromium-browser could be escaped by calling xdg-settings with a crafted environment.
Updated packages are available from security.ubuntu.com.
========================================================================== Ubuntu Security Notice USN-1676-1 December 19, 2012 AppArmor update ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 Summary: A weakness was discovered in the example AppArmor profile for chromium-browser. Software Description: - apparmor: Linux security system Details: Dan Rosenberg discovered that the example AppArmor profile for chromium-browser could be escaped by calling xdg-settings with a crafted environment. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: apparmor-profiles 2.7.102-0ubuntu3.7 Ubuntu 11.10: apparmor-profiles 2.7.0~beta1+bzr1774-1ubuntu2.2 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1676-1 https://launchpad.net/bugs/1045986 Package Information: https://launchpad.net/ubuntu/+source/apparmor/2.7.102-0ubuntu3.7 https://launchpad.net/ubuntu/+source/apparmor/2.7.0~beta1+bzr1774-1ubuntu2.2