* SECURITY UPDATE: Don't unload unknown profiles during package
configuration or when restarting the apparmor init script, upstart job, or
systemd unit as this could leave processes unconfined (LP: #1668892)
- debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
Remove calls to unload_obsolete_profiles()
- debian/patches/utils-add-aa-remove-unknown.patch,
debian/apparmor.install debian/apparmor.manpages: Include a new utility,
aa-remove-unknown, which can be used to unload unknown profiles. Based
on an upstream patch but adjusted to source the /lib/apparmor/functions
shipped in Debian/Ubuntu.
- CVE-2017-6507
* debian/patches/r3645-profiles-update-nvidia-abstraction.patch: Update
nvidia abstraction for newer nvidia drivers (LP: #1590561)
This bug was fixed in the package apparmor - 2.11.0-2ubuntu3
---------------
apparmor (2.11.0-2ubuntu3) zesty; urgency=medium
* SECURITY UPDATE: Don't unload unknown profiles during package apparmor. postinst, debian/ apparmor. init, debian/ apparmor. upstart: obsolete_ profiles( ) patches/ utils-add- aa-remove- unknown. patch, apparmor. install debian/ apparmor. manpages: Include a new utility, remove- unknown, which can be used to unload unknown profiles. Based functions patches/ r3645-profiles- update- nvidia- abstraction. patch: Update
configuration or when restarting the apparmor init script, upstart job, or
systemd unit as this could leave processes unconfined (LP: #1668892)
- debian/
Remove calls to unload_
- debian/
debian/
aa-
on an upstream patch but adjusted to source the /lib/apparmor/
shipped in Debian/Ubuntu.
- CVE-2017-6507
* debian/
nvidia abstraction for newer nvidia drivers (LP: #1590561)
-- Tyler Hicks <email address hidden> Fri, 24 Mar 2017 05:26:28 +0000