Format: 1.8 Date: Tue, 06 Mar 2024 15:35:00 -0300 Source: apparmor Built-For-Profiles: noudeb Architecture: source Version: 3.0.4-2ubuntu2.4 Distribution: jammy-security Urgency: medium Maintainer: Ubuntu Developers Changed-By: Rodrigo Figueiredo Zaiden Launchpad-Bugs-Fixed: 1597017 Changes: apparmor (3.0.4-2ubuntu2.4) jammy-security; urgency=medium . * SECURITY UPDATE: Excessive permissions with mount rules (LP: #1597017) - d/p/CVE-2016-1585/Merge-Fix-mount-rules-encoding.patch: fix mount rules encoding in parser/mount.cc, parser/mount.h, parser/parser.h and fix multiple test cases in parser/tst/simple_tests/mount/*. - d/p/CVE-2016-1585/Support-rule-qualifiers-in-regression-tests.patch: update rule qualifiers in regression tests in tests/regression/apparmor/mkprofile.pl and tests/regression/apparmor/capabilities.sh. - d/p/CVE-2016-1585/Merge-expand-mount-tests.patch: expand mount regression tests in tests/regression/apparmor/mount.c, tests/regression/apparmor/mount.sh and tests/regression/apparmor/mkprofile.pl. - d/p/CVE-2016-1585/Check-for-newer-mount-options-in-regression-test.patch: add check for newer mount options in regression tests in tests/regression/apparmor/Makefile, tests/regression/apparmor/mount.c and tests/regression/apparmor/mount.sh. - d/p/CVE-2016-1585/Merge-Issue-312-added-missing-kernel-mount-options.patch: add missing kernel mount options flag in parser/apparmor.d.pod, parser/mount.cc, parser/mount.h, tests/regression/apparmor/mount.sh and parser/tst/simple_tests/mount/*. - d/p/CVE-2016-1585/Merge-extend-test-profiles-for-mount.patch: update test profiles in parser/tst/simple_tests/mount/*. - d/p/CVE-2016-1585/Merge-parser-fix-parsing-of-source-as-mount-point-fo.patch: update gen_policy_change_mount_type() in parser/mount.cc and also updated tests on parser/tst/simple_tests/mount/* and tests/regression/apparmor/mount.sh. - d/p/CVE-2016-1585/parser-Deprecation-warning-should-not-have-been-back.patch: remove deprecation warning message in parser/mount.cc. - d/p/CVE-2016-1585/parser-fix-rule-flag-generation-change_mount-type-ru.patch: add device checks in gen_flag_rules() in parser/mount.cc and tests in parser/tst/simple_tests/mount/*, parser/tst/equality.sh, tests/regression/apparmor/mount.sh and utils/test/test-parser-simple-tests.py. - CVE-2016-1585 Checksums-Sha1: 5efba89d0e7af481c70a2464870e7992253c9565 3263 apparmor_3.0.4-2ubuntu2.4.dsc db2af9e1df3c54ea6128bdc97e31f1925786510d 136888 apparmor_3.0.4-2ubuntu2.4.debian.tar.xz e7a0b440a2c9fbd9afdf37237ced12a25795d183 8945 apparmor_3.0.4-2ubuntu2.4_source.buildinfo Checksums-Sha256: f62916ea8cb1d1c5124d6baeef5f4c3c5f7175db3a1c672ad16f1c8750b33b10 3263 apparmor_3.0.4-2ubuntu2.4.dsc d3b39e9d0651d4fd882f0f70a9182da8def25fe52d26382f476b24d9aa0b4a79 136888 apparmor_3.0.4-2ubuntu2.4.debian.tar.xz d33631126fdb88b8ae3692745422124f6e20f217c09e32b031b07e6119641a41 8945 apparmor_3.0.4-2ubuntu2.4_source.buildinfo Files: facedf18c184ce25b824bf3558b75a65 3263 admin optional apparmor_3.0.4-2ubuntu2.4.dsc d73291dfbe218cb4fc58281b74ff36e2 136888 admin optional apparmor_3.0.4-2ubuntu2.4.debian.tar.xz 2f844b5ff490e1d301ffd218856f7c6d 8945 admin optional apparmor_3.0.4-2ubuntu2.4_source.buildinfo Original-Maintainer: Debian AppArmor Team