
Ubuntu 16.04 LTS: USN-4008-2 Moderate: AppArmor Policy Update

Several policy updates were made for running under the recently updated Linux kernel.
=========================================================================
Ubuntu Security Notice USN-4008-2
June 05, 2019

apparmor update
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several policy updates were made for running under the recently updated
Linux kernel.

Software Description:
- apparmor: Linux security system

Details:

USN-4008-1 fixed multiple security issues in the Linux kernel. This update
provides the corresponding changes to AppArmor policy for correctly
operating under the Linux kernel with fixes for CVE-2019-11190. Without
these changes, some profile transitions may be unintentionally denied due
to missing mmap ('m') rules.
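
One way to check whether a host is hitting this failure mode, as an added example that is not part of the advisory: scan kernel audit lines for enforced AppArmor denials whose denied_mask includes 'm'. The log lines, profile names and paths below are constructed samples, and the parser assumes the usual AppArmor key=value audit format.

```python
import re
from collections import Counter

# Constructed sample kernel audit lines (not taken from the advisory);
# profile and file names are placeholders.
SAMPLE_LOG = '''\
audit: type=1400 audit(1559728862.101:41): apparmor="DENIED" operation="file_mmap" profile="/usr/sbin/example-daemon" name="/usr/lib/example/helper" pid=2101 comm="helper" requested_mask="m" denied_mask="m" fsuid=0 ouid=0
audit: type=1400 audit(1559728862.350:42): apparmor="DENIED" operation="open" profile="/usr/sbin/example-daemon" name="/etc/example.conf" pid=2101 comm="helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1559728863.007:43): apparmor="ALLOWED" operation="file_mmap" profile="/usr/bin/example-tool" name="/usr/bin/example-child" pid=2140 comm="example-child" requested_mask="rm" denied_mask="m" fsuid=1000 ouid=0
audit: type=1400 audit(1559728864.512:44): apparmor="DENIED" operation="file_mmap" profile="/usr/bin/example-tool" name="/usr/bin/example-child" pid=2177 comm="example-child" requested_mask="rm" denied_mask="m" fsuid=1000 ouid=0
audit: type=1400 audit(1559728865.900:45): apparmor="DENIED" operation="file_mmap" profile="/usr/sbin/example-daemon" name="/usr/lib/example/helper" pid=2190 comm="helper" requested_mask="m" denied_mask="m" fsuid=0 ouid=0
'''

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fields(line):
    """Return the key=value pairs of one audit line as a dict."""
    return {k: q if u == "" else u for k, q, u in FIELD.findall(line)}


def mmap_denials(log_text):
    """Yield (profile, name) for each enforced denial of the 'm' permission."""
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("apparmor") != "DENIED":
            continue  # ALLOWED entries come from complain mode: logged, not blocked
        if "m" in f.get("denied_mask", ""):
            yield f.get("profile", "?"), f.get("name", "?")


def summarize(log_text):
    """Count denied mmap requests per (profile, mapped file)."""
    return Counter(mmap_denials(log_text))


if __name__ == "__main__":
    for (profile, name), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n}x profile={profile} denied 'm' on {name}")
```

Hits that persist after the updated apparmor packages are installed and profiles reloaded point at local or third-party profiles that still lack the 'm' rule.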

Original advisory details:

 Robert Święcki discovered that the Linux kernel did not properly apply
 Address Space Layout Randomization (ASLR) in some situations for setuid
 elf binaries. A local attacker could use this to improve the chances of
 exploiting an existing vulnerability in a setuid elf binary.
 (CVE-2019-11190)

 It was discovered that a null pointer dereference vulnerability existed
 in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker
 could use this to cause a denial of service (system crash).
 (CVE-2019-11810)

 It was discovered that a race condition leading to a use-after-free
 existed in the Reliable Datagram Sockets (RDS) protocol implementation
 in the Linux kernel. The RDS protocol is blacklisted by default in
 Ubuntu. If enabled, a local attacker could use this to cause a denial of
 service (system crash) or possibly execute arbitrary code.
 (CVE-2019-11815)

 Federico Manuel Bento discovered that the Linux kernel did not properly
 apply Address Space Layout Randomization (ASLR) in some situations for
 setuid a.out binaries. A local attacker could use this to improve the
 chances of exploiting an existing vulnerability in a setuid a.out
 binary. (CVE-2019-11191)
 
 As a hardening measure, this update disables a.out support.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  apparmor-profiles               2.10.95-0ubuntu2.11
  python3-apparmor                2.10.95-0ubuntu2.11

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4008-2
  https://ubuntu.com/security/notices/USN-4008-1
  CVE-2019-11190

Package Information:
  https://launchpad.net/ubuntu/+source/apparmor/2.10.95-0ubuntu2.11
