Articles / Ubuntu: Security update for...

Ubuntu: Security update for AppArmor

Dan Rosenberg discovered that the example AppArmor profile for chromium-browser could be escaped by calling xdg-settings with a crafted environment.

Updated packages are available from security.ubuntu.com.

==========================================================================
Ubuntu Security Notice USN-1676-1
December 19, 2012

AppArmor update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10

Summary:

A weakness was discovered in the example AppArmor profile for
chromium-browser.

Software Description:
- apparmor: Linux security system

Details:

Dan Rosenberg discovered that the example AppArmor profile for
chromium-browser could be escaped by calling xdg-settings with a crafted
environment.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
 apparmor-profiles               2.7.102-0ubuntu3.7

Ubuntu 11.10:
 apparmor-profiles               2.7.0~beta1+bzr1774-1ubuntu2.2

In general, a standard system update will make all the necessary changes.

References:
 http://www.ubuntu.com/usn/usn-1676-1
 https://launchpad.net/bugs/1045986

Package Information:
 https://launchpad.net/ubuntu/+source/apparmor/2.7.102-0ubuntu3.7

https://launchpad.net/ubuntu/+source/apparmor/2.7.0~beta1+bzr1774-1ubuntu2.2
Screenshot

Project Spotlight

Flowgrind

A tool to conduct TCP performance analysis.

Screenshot

Project Spotlight

pmacct

A libpcap, IPFIX, NetFlow, and sFlow IPv4/IPv6 accounting package.