Format: 1.8 Date: Tue, 06 Mar 2024 15:40:00 -0300 Source: apparmor Architecture: source Version: 2.13.3-7ubuntu5.4 Distribution: focal-security Urgency: medium Maintainer: Ubuntu Developers Changed-By: Rodrigo Figueiredo Zaiden Launchpad-Bugs-Fixed: 1597017 Changes: apparmor (2.13.3-7ubuntu5.4) focal-security; urgency=medium . * SECURITY UPDATE: Excessive permissions with mount rules (LP: #1597017) - d/p/CVE-2016-1585/parser-Fix-expansion-of-variables-in-unix-rules-addr.patch: add calls to filter_slashes() in parser/af_unix.cc, make it external in parser/parser.h and change it to void in parser/parser_regex.c. - d/p/CVE-2016-1585/parser-enable-variable-expansion-for-mount-type-and-.patch: add variable expansion with expand_entry_variables() in parser/mount.cc. - d/p/CVE-2016-1585/parser-call-filter-slashes-for-mount-conditionals.patch: add calls to filter_slashes() in parser/mount.cc. - d/p/CVE-2016-1585/Support-rule-qualifiers-in-regression-tests.patch: update rule qualifiers in regression tests in tests/regression/apparmor/mkprofile.pl and tests/regression/apparmor/capabilities.sh. - d/p/CVE-2016-1585/Merge-Fix-mount-rules-encoding.patch: fix mount rules encoding in parser/mount.cc, parser/mount.h, parser/parser.h and fix multiple test cases in parser/tst/simple_tests/mount/*. - d/p/CVE-2016-1585/Merge-expand-mount-tests.patch: expand mount regression tests in tests/regression/apparmor/Makefile, tests/regression/apparmor/mount.c, tests/regression/apparmor/mount.sh and tests/regression/apparmor/mkprofile.pl. - d/p/CVE-2016-1585/Merge-Issue-312-added-missing-kernel-mount-options.patch: add missing kernel mount options flag in parser/apparmor.d.pod, parser/mount.cc, parser/mount.h, tests/regression/apparmor/mount.sh and parser/tst/simple_tests/mount/*. - d/p/CVE-2016-1585/Merge-extend-test-profiles-for-mount.patch: update test profiles in parser/tst/simple_tests/mount/*. - d/p/CVE-2016-1585/Merge-parser-fix-parsing-of-source-as-mount-point-fo.patch: update gen_policy_change_mount_type() in parser/mount.cc and also updated tests on parser/tst/simple_tests/mount/* and tests/regression/apparmor/mount.sh. - d/p/CVE-2016-1585/parser-fix-rule-flag-generation-change_mount-type-ru.patch: add device checks in gen_flag_rules() in parser/mount.cc and tests in parser/tst/simple_tests/mount/*, parser/tst/equality.sh, tests/regression/apparmor/mount.sh and utils/test/test-parser-simple-tests.py. - d/p/CVE-2016-1585/Fix-build-failure-in-df4ed537e-allow-reading-of-etc-.patch: remove the WARN_DEPRECATED flag in pwarn call in parser/mount.cc. - d/p/CVE-2016-1585/parser-Deprecation-warning-should-not-have-been-back.patch: remove deprecation warning message in parser/mount.cc. - CVE-2016-1585 Checksums-Sha1: d0c8971a715fb6e09fc87bf88030d3cd3c2d1f5b 3018 apparmor_2.13.3-7ubuntu5.4.dsc 0e6f6cdd079b52bdf8543e1e7cb5bfb0f342da59 165276 apparmor_2.13.3-7ubuntu5.4.debian.tar.xz 817ed8af93b2a7750738de03a16d698ab72c23c3 8779 apparmor_2.13.3-7ubuntu5.4_source.buildinfo Checksums-Sha256: c44f0c142bbaa34f9bd5da17e470d4f58275424eb3745e29dbf72f1ce1410947 3018 apparmor_2.13.3-7ubuntu5.4.dsc 554add1381e1bcf983bdf54377cced8b071de54b8d9bd4d436a8e3f3473af12d 165276 apparmor_2.13.3-7ubuntu5.4.debian.tar.xz ff87e00d0880440f5c84bbbb593d7ae069b9b503780700f5e2548b3572900d99 8779 apparmor_2.13.3-7ubuntu5.4_source.buildinfo Files: 32e13d5980c350f4c05aebe44ef0f22e 3018 admin optional apparmor_2.13.3-7ubuntu5.4.dsc c6f6ef9f49003cccd37700c9133e9ac5 165276 admin optional apparmor_2.13.3-7ubuntu5.4.debian.tar.xz c660e26d8dd4984605e30003847da71f 8779 admin optional apparmor_2.13.3-7ubuntu5.4_source.buildinfo Original-Maintainer: Debian AppArmor Team