Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

openSUSE Leap 42.x: SU-2017:0969-1 Important AppArmor Service Fix

opensuse
Calendar Grey April 10, 2017
Dist Opensuse Esm H88
The latest openSUSE security patch resolves a significant AppArmor flaw, providing enhancements for system safety and performance.
An update that solves one vulnerability and has two fixes An update that solves one vulnerability and has two fixes An update that solves one vulnerability and has two fixes is now...

Description

This update for apparmor fixes the following issues:

These security issues were fixed:

- CVE-2017-6507: Preserve unknown profiles when reloading apparmor.service

(lp#1668892, boo#1029696)

- boo#1017260: Migration to apparmor.service accidently disable AppArmor.

Note: This will re-enable AppArmor if it was disabled by the last

update. You'll need to "rcapparmor reload" to actually load the

profiles, and then check aa-status for programs that need to be

restarted to apply the profiles.

These non-security issues were fixed:

- Fixed crash in aa-logprof on specific change_hat events

- boo#1016259: Added var.mount dependeny to apparmor.service

The aa-remove-unknown utility was added to unload unknown profiles

(lp#1668892)

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-452=1

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2017-452=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.2 (i586 x86_64):

apache2-mod_apparmor-2.10.2-12.3.1

apache2-mod_apparmor-debuginfo-2.10.2-12.3.1

apparmor-debugsource-2.10.2-12.3.1

apparmor-parser-2.10.2-12.3.1

apparmor-parser-debuginfo-2.10.2-12.3.1

libapparmor-devel-2.10.2-12.3.1

libapparmor1-2.10.2-12.3.1

libapparmor1-debuginfo-2.10.2-12.3.1

pam_apparmor-2.10.2-12.3.1

pam_apparmor-debuginfo-2.10.2-12.3.1

perl-apparmor-2.10.2-12.3.1

perl-apparmor-debuginfo-2.10.2-12.3.1

python3-apparmor-2.10.2-12.3.1

python3-apparmor-debuginfo-2.10.2-12.3.1

ruby-apparmor-2.10.2-12.3.1

ruby-apparmor-debuginfo-2.10.2-12.3.1

- openSUSE Leap 42.2 (x86_64):

libapparmor1-32bit-2.10.2-12.3.1

libapparmor1-debuginfo-32bit-2.10.2-12.3.1

pam_apparmor-32bit-2.10.2-12.3.1

pam_apparmor-debuginfo-32bit-2.10.2-12.3.1

- openSUSE Leap 42.2 (noarch):

apparmor-abstractions-2.10.2-12.3.1

apparmor-docs-2.10.2-12.3.1

apparmor-parser-lang-2.10.2-12.3.1

apparmor-profiles-2.10.2-12.3.1

apparmor-utils-2.10.2-12.3.1

apparmor-utils-lang-2.10.2-12.3.1

- openSUSE Leap 42.1 (i586 x86_64):

a...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2017-6507.html

https://bugzilla.suse.com/1016259

https://bugzilla.suse.com/1017260

https://bugzilla.suse.com/1029696

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2017:0969-1
Rating: important
Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.