=========================================================================Ubuntu Security Notice USN-3784-1
October 04, 2018
AppArmor update
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Use a more restrictive blacklist in several policy abstractions.
Software Description:
- apparmor: Linux security system
Details:
As a security improvement, this update adjusts the private-files abstraction to
disallow writing to thumbnailer configuration files. Additionally adjust the
private-files, private-files-strict and user-files abstractions to disallow
writes on parent directories of sensitive files.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
apparmor 2.12-4ubuntu5.1
Ubuntu 16.04 LTS:
apparmor 2.10.95-0ubuntu2.10
Ubuntu 14.04 LTS:
apparmor 2.10.95-0ubuntu2.6~14.04.4
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-3784-1
https://launchpad.net/bugs/1788929, https://launchpad.net/bugs/1794848
Package Information:
https://launchpad.net/ubuntu/+source/apparmor/2.12-4ubuntu5.1
https://launchpad.net/ubuntu/+source/apparmor/2.10.95-0ubuntu2.10
https://launchpad.net/ubuntu/+source/apparmor/2.10.95-0ubuntu2.6~14.04.4