USN-4008-2

See a problem?

Source

https://ubuntu.com/security/notices/USN-4008-2

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4008-2.json

JSON Data

https://api.osv.dev/v1/vulns/USN-4008-2

Related

Published

2019-06-05T19:43:51.296600Z

Modified

2019-06-05T19:43:51.296600Z

Summary

apparmor update

Details

USN-4008-1 fixed multiple security issues in the Linux kernel. This update provides the corresponding changes to AppArmor policy for correctly operating under the Linux kernel with fixes for CVE-2019-11190. Without these changes, some profile transitions may be unintentionally denied due to missing mmap ('m') rules.

Original advisory details:

Robert Święcki discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid elf binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid elf binary. (CVE-2019-11190)

It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810)

It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is disabled via blocklist by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815)

Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary. (CVE-2019-11191)

As a hardening measure, this update disables a.out support.

References

Affected packages

Ubuntu:16.04:LTS / apparmor

Package

Name: apparmor
Purl: pkg:deb/ubuntu/apparmor@2.10.95-0ubuntu2.11?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10.95-0ubuntu2.11

Affected versions

2.*

2.10-0ubuntu6

2.10-0ubuntu7

2.10-0ubuntu8

2.10-0ubuntu10

2.10-0ubuntu11

2.10-0ubuntu12

2.10-3ubuntu1

2.10-3ubuntu2

2.10.95-0ubuntu1

2.10.95-0ubuntu2

2.10.95-0ubuntu2.2

2.10.95-0ubuntu2.5

2.10.95-0ubuntu2.6

2.10.95-0ubuntu2.7

2.10.95-0ubuntu2.8

2.10.95-0ubuntu2.9

2.10.95-0ubuntu2.10

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "libapparmor-dev": "2.10.95-0ubuntu2.11",
            "libpam-apparmor": "2.10.95-0ubuntu2.11",
            "libapache2-mod-apparmor": "2.10.95-0ubuntu2.11",
            "python3-apparmor": "2.10.95-0ubuntu2.11",
            "libapache2-mod-apparmor-dbgsym": "2.10.95-0ubuntu2.11",
            "libapparmor1-dbgsym": "2.10.95-0ubuntu2.11",
            "apparmor-easyprof": "2.10.95-0ubuntu2.11",
            "python3-libapparmor": "2.10.95-0ubuntu2.11",
            "python-apparmor": "2.10.95-0ubuntu2.11",
            "apparmor-profiles": "2.10.95-0ubuntu2.11",
            "apparmor": "2.10.95-0ubuntu2.11",
            "libpam-apparmor-dbgsym": "2.10.95-0ubuntu2.11",
            "libapparmor-perl-dbgsym": "2.10.95-0ubuntu2.11",
            "apparmor-docs": "2.10.95-0ubuntu2.11",
            "apparmor-dbgsym": "2.10.95-0ubuntu2.11",
            "libapparmor1": "2.10.95-0ubuntu2.11",
            "dh-apparmor": "2.10.95-0ubuntu2.11",
            "libapparmor-perl": "2.10.95-0ubuntu2.11",
            "python-libapparmor": "2.10.95-0ubuntu2.11",
            "apparmor-utils": "2.10.95-0ubuntu2.11",
            "apparmor-notify": "2.10.95-0ubuntu2.11"
        }
    ]
}