UbuntuUpdates.org

Package "apparmor"

Name: apparmor

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • AppArmor debhelper routines
  • AppArmor Python utility library
  • AppArmor library Python bindings

Latest version: 2.10.95-0ubuntu2.9
Release: xenial (16.04)
Level: updates
Repository: universe

Links

Save this URL for the latest version of "apparmor": https://www.ubuntuupdates.org/apparmor



Other versions of "apparmor" in Xenial

Repository Area Version
base main 2.10.95-0ubuntu2
base universe 2.10.95-0ubuntu2
security universe 2.10.95-0ubuntu2.6
security main 2.10.95-0ubuntu2.6
updates main 2.10.95-0ubuntu2.9

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.10.95-0ubuntu2.9 2018-03-12 12:06:50 UTC

  apparmor (2.10.95-0ubuntu2.9) xenial; urgency=medium

  * debian/patches/base-journald-updates.patch: update base abstraction
    for additional journald sockets (LP: #1670408)
    Backport from 2.11.0-2ubuntu5 by Jamie Strandboge <email address hidden>

 -- Christian Ehrhardt <email address hidden> Tue, 20 Feb 2018 16:04:02 +0100

Source diff to previous version
1670408 apparmor base abstraction needs backport of rev 3658 to fix several denies (tor, ntp, ...)

Version: 2.10.95-0ubuntu2.8 2018-02-08 14:06:45 UTC

  apparmor (2.10.95-0ubuntu2.8) xenial; urgency=medium

  * d/p/0001-Allow-seven-digit-pid.patch:
    On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
    (2^22), which results in seven digit pids. Adjust the @{PID} variable in
    tunables/global to accept this. (LP: #1717714)

 -- Seyeong Kim <email address hidden> Mon, 08 Jan 2018 07:43:46 -0800

Source diff to previous version
1717714 @{pid} variable broken on systems with pid_max more than 6 digits

Version: 2.10.95-0ubuntu2.7 2017-09-13 00:06:42 UTC

  apparmor (2.10.95-0ubuntu2.7) xenial; urgency=medium

  * Remove initramfs-tools from the dependencies; this isn't used and the
    dependency has been dropped in later releases. LP: #1713169.

 -- Steve Langasek <email address hidden> Fri, 25 Aug 2017 16:54:53 -0700

Source diff to previous version

Version: 2.10.95-0ubuntu2.6 2017-03-28 17:07:07 UTC

  apparmor (2.10.95-0ubuntu2.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script or upstart job
    as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

 -- Tyler Hicks <email address hidden> Wed, 15 Mar 2017 22:07:02 +0000

Source diff to previous version
1668892 CVE-2017-6507: apparmor service restarts and package upgrades unload privately managed profiles
CVE-2017-6507 An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or syste

Version: 2.10.95-0ubuntu2.5 2016-10-27 18:06:42 UTC

  apparmor (2.10.95-0ubuntu2.5) xenial; urgency=medium

  * debian/lib/apparmor/functions, debian/apparmor.init,
    debian/apparmor.service, debian/apparmor.upstart,
    debian/lib/apparmor/profile-load: Adjust the checks that previously kept
    AppArmor policy from being loaded while booting a container. Now we
    attempt to load policy if we're in a LXD or LXC managed container that is
    using profile stacking inside of a policy namespace. (LP: #1628285)
  * Fix regression tests for stacking so that the kernel SRU process is not
    interrupted by failing tests whenever the AppArmor stacking features are
    backported from the 16.10 kernel or when the 16.04 LTS Enablement Stack
    receives a 4.8 or newer kernel
    - debian/patches/r3509-tests-fix-exec_stack-errors-1.patch: Fix the
      exec_stack.sh test when running on 4.8 or newer kernels (LP: #1628745)
    - debian/patches/r3558-tests-fix-exec_stack-errors-2.patch: Adjust the
      exec_stack.sh fix mentioned above to more accurately test kernels older
      than 4.8 (LP: #1630069)
    - debian/patches/allow-stacking-tests-to-use-system.patch: Apply this
      patch earlier in the series, as to match when it was committed upstream,
      so that the above two patches can be cherry-picked from lp:apparmor

 -- Tyler Hicks <email address hidden> Fri, 07 Oct 2016 05:21:44 +0000

1628285 apparmor should be allowed to start in containers
1628745 Change in kernel exec transition behavior causes regression tests to fail
1630069 Regression tests can not detect binfmt_elf mmpa semantic change



About   -   Send Feedback to @ubuntu_updates