Ubuntu
bind9 package

apparmor profile should be in complain mode on certain upgrades

Bug #203528 reported by Jamie Strandboge on 2008-03-18

Affects

Status

Importance

Assigned to

Milestone

bind9 (Ubuntu)

Fix Released

Undecided

LaMont Jones

You need to log in to change this bug's status.

Affecting:	bind9 (Ubuntu)
Filed here by:	Jamie Strandboge
When:	2008-03-18
Confirmed:	2008-03-18
Assigned:	2008-03-18
Started work:	2008-03-18
Completed:	2008-04-04

Target

Distribution
Package	(Find…)
Project	(Find…)

Status	Importance
	Undecided

Assigned to

	Me
	LaMont Jones (lamont)

Comment on this change (optional)

Email me about changes to this bug report

(?)

Bug Description

Binary package hint: bind9

As shipped, the apparmor profile is in enforcing mode. This should change to follow https://wiki.ubuntu.com/ApparmorProfileMigration.

Add tags Tag help

CVE References

2008-0122

Jamie Strandboge (jdstrand) on 2008-03-18

Changed in bind9:
assignee:	nobody → jamie-strandboge
status:	New → Triaged

Jamie Strandboge (jdstrand) wrote on 2008-03-18: Re: [Bug 203528] apparmor profile should be in complain mode on certain upgrades

0001-fix-for-LP-203528-force-complain-for-apparmor-on.patch Edit (2.4 KiB, text/x-diff)

This work is based on https://wiki.ubuntu.com/ApparmorProfileMigration.
Confirmed to work on bind9 dapper - hardy upgrade, bind9 +
apparmor-profiles gutsy - hardy and standard upgrades and installs.

status inprogress

Changed in bind9:
status:	Triaged → In Progress

LaMont Jones (lamont) wrote on 2008-03-18:

in 1:9.4.2-8

Changed in bind9:
assignee:	jamie-strandboge → lamont
status:	In Progress → Fix Committed

Jamie Strandboge (jdstrand) wrote on 2008-03-19:

0002-debian-bind9.postrm-purge-etc-apparmor.d-force-com.patch Edit (771 bytes, text/x-diff)

Please also include this patch to postrm also. Sorry for the additional
patch.

LaMont Jones (lamont) wrote on 2008-03-19:

0002 also in -8.

Launchpad Janitor (janitor) wrote on 2008-04-04:

This bug was fixed in the package bind9 - 1:9.4.2-9

---------------
bind9 (1:9.4.2-9) unstable; urgency=low

* apparmor: allow subdirs in {/etc,/var/cache,/var/lib}/bind
* apparmor: make profile match README.Debian

bind9 (1:9.4.2-8) unstable; urgency=low

[ISC]

* CVE-2008-0122: off by one error in (unused) inet_network function.
Closes: #462783 LP: #203476

[Michael Milligan]

* Fix min-cache-ttl and min-ncache-ttl keywords

[Jamie Strandboge]

* apparmor: force complain-mode for apparmor on certain upgrades. LP: #203528
* debian/bind9.postrm: purge /etc/apparmor.d/force-complain/usr.sbin.named

bind9 (1:9.4.2-7) unstable; urgency=low

[Jamie Strandboge]

* Allow rw access to /var/lib/bind/* in apparmor-profile. LP: #201954

[LaMont Jones]

* Drop root-delegation comments from named.conf. Closes: #217829, #297219

-- LaMont Jones <email address hidden> Fri, 04 Apr 2008 11:44:26 +0100

Changed in bind9:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information Edit

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Ubuntubind9 package