UbuntuUpdates.org

Package "apparmor"

Name: apparmor

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • AppArmor debhelper routines
  • AppArmor Python utility library
  • AppArmor library Python bindings

Latest version: 2.10.95-0ubuntu2.12
Release: xenial (16.04)
Level: updates
Repository: universe

Links



Other versions of "apparmor" in Xenial

Repository Area Version
base main 2.10.95-0ubuntu2
base universe 2.10.95-0ubuntu2
security universe 2.10.95-0ubuntu2.12
security main 2.10.95-0ubuntu2.12
updates main 2.10.95-0ubuntu2.12

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.10.95-0ubuntu2.7 2017-09-13 00:06:42 UTC

  apparmor (2.10.95-0ubuntu2.7) xenial; urgency=medium

  * Remove initramfs-tools from the dependencies; this isn't used and the
    dependency has been dropped in later releases. LP: #1713169.

 -- Steve Langasek <email address hidden> Fri, 25 Aug 2017 16:54:53 -0700

Source diff to previous version

Version: 2.10.95-0ubuntu2.6 2017-03-28 17:07:07 UTC

  apparmor (2.10.95-0ubuntu2.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script or upstart job
    as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

 -- Tyler Hicks <email address hidden> Wed, 15 Mar 2017 22:07:02 +0000

Source diff to previous version
1668892 CVE-2017-6507: apparmor service restarts and package upgrades unload privately managed profiles
CVE-2017-6507 An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or syste

Version: 2.10.95-0ubuntu2.5 2016-10-27 18:06:42 UTC

  apparmor (2.10.95-0ubuntu2.5) xenial; urgency=medium

  * debian/lib/apparmor/functions, debian/apparmor.init,
    debian/apparmor.service, debian/apparmor.upstart,
    debian/lib/apparmor/profile-load: Adjust the checks that previously kept
    AppArmor policy from being loaded while booting a container. Now we
    attempt to load policy if we're in a LXD or LXC managed container that is
    using profile stacking inside of a policy namespace. (LP: #1628285)
  * Fix regression tests for stacking so that the kernel SRU process is not
    interrupted by failing tests whenever the AppArmor stacking features are
    backported from the 16.10 kernel or when the 16.04 LTS Enablement Stack
    receives a 4.8 or newer kernel
    - debian/patches/r3509-tests-fix-exec_stack-errors-1.patch: Fix the
      exec_stack.sh test when running on 4.8 or newer kernels (LP: #1628745)
    - debian/patches/r3558-tests-fix-exec_stack-errors-2.patch: Adjust the
      exec_stack.sh fix mentioned above to more accurately test kernels older
      than 4.8 (LP: #1630069)
    - debian/patches/allow-stacking-tests-to-use-system.patch: Apply this
      patch earlier in the series, as to match when it was committed upstream,
      so that the above two patches can be cherry-picked from lp:apparmor

 -- Tyler Hicks <email address hidden> Fri, 07 Oct 2016 05:21:44 +0000

Source diff to previous version
1628285 apparmor should be allowed to start in containers
1628745 Change in kernel exec transition behavior causes regression tests to fail
1630069 Regression tests can not detect binfmt_elf mmpa semantic change

Version: 2.10.95-0ubuntu2.2 2016-08-16 21:07:09 UTC

  apparmor (2.10.95-0ubuntu2.2) xenial; urgency=medium

  * r3498-r3499-ignore-net-events-that-look-like-file-events.patch: Prevent an
    aa-logprof crash by ignoring file events that contains send *and* receive
    in the request mask. This is an improvement to the previous fix that only
    addressed events that contained send *or* receive.
    (LP: #1577051, LP: #1582374)
    - debian/rules: Create a new empty file, needed for the test added by this
      patch, since quilt is unable to do so.

 -- Tyler Hicks <email address hidden> Mon, 01 Aug 2016 18:03:36 -0500

1577051 aa-logprof fails with unknown mode \
1582374 Log contains unknown mode senw



About   -   Send Feedback to @ubuntu_updates