Explore top 10 tips to secure your open-source projects now. Read More
×
Several policy updates were made for running under the recently updated
Linux kernel.
Software Description:
- apparmor: Linux security system
Details:
USN-4008-1 fixed multiple security issues in the Linux kernel. This
update
provides the corresponding changes to AppArmor policy for correctly
operating under the Linux kernel with fixes for CVE-2019-11190. Without
these changes, some profile transitions may be unintentionally denied
due
to missing mmap ('m') rules.
Original advisory details:
Robert Święcki discovered that the Linux kernel did not properly apply
Address Space Layout Randomization (ASLR) in some situations for
setuid elf
binaries. A local attacker could use this to improve the chances of
exploiting an existing vulnerability in a setuid elf binary.
(CVE-2019-11190)
It was discovered that a null pointer dereference vulnerability
existed in
the LSI Logic MegaRAID driver in the Linux kernel. A local attacker
could
use this to...
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: apparmor-profiles 2.10.95-0ubuntu2.11 python3-apparmor 2.10.95-0ubuntu2.11 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4008-2
https://ubuntu.com/security/notices/USN-4008-1
CVE-2019-11190
Get the latest Linux and open source security news straight to your inbox.