AppArmor 2.9.5
AppArmor 2.9.5 Release
Milestone information
- Project:
- AppArmor
- Series:
- 2.9
- Version:
- 2.9.5
- Released:
- Registrant:
- John Johansen
- Release registered:
- Active:
- No. Drivers cannot target bugs and blueprints to this milestone.
Activities
- Assigned to you:
- No blueprints or bugs assigned to you.
- Assignees:
- No users assigned to blueprints and bugs.
- Blueprints:
- No blueprints are targeted to this milestone.
- Bugs:
- 5 Fix Released
Download files for this release
Release notes
AppArmor 2.9.5 is an incremental bug fix release over AppArmor 2.9.4 that is focused on fixing issues in the userspace code.
It includes the changes in the 2.9 branch between r3045 (AppArmor 2.9.4) and r3068.
Policy Compiler (a.k.a apparmor_parser)
Fix af_unix downgrade of network rules
parser Fix delete after new[]
Init
Preserve unknown profiles when restarting apparmor init/job/unit. CVE-2017-6507 lp#1668892
Utils
aa-logprof - Ignore change_hat events with error=-1 and "unconfined can not change_hat"
aa-unconfined - fix netstat invocation regression
Add aa-remove-unknown utility to unload unknown profiles lp#1668892
Remove re.LOCALE flag lp#1661766
Policy
abstractions
base - update for glibc use of /proc/*/auxv and /proc/*/status
apache2 - updates for proper signal handling, optional saslauth, and OCSP stapling
Adjust python abstraction for python3.6
dovecot
Allow /var/run/
add the attach_disconnected flag
change Px to mrPx for /usr/lib/dovecot/*
Add several permissions to the dovecot profiles that are needed on ubuntu lp#1512131
dovecot-lda needs lp#1650827
traceroute updates https:/
Samba profile updates for ActiveDirectory / Kerberos
Postfix
** change abstractions/
** add several permissions to postfix/error, postfix/lmtp and postfix/pipe
** remove superfluous abstractions/
Documentation
aa-status: update man page for updated podchecker lp#1707614
utils: Add --no-reload option to manpage
Tests
libapparmor
remove test_multi unconfined-
regression/
fix environ fail case
Changelog
This release does not have a changelog.
0 blueprints and 5 bugs targeted
Bug report | Importance | Assignee | Status | |||
---|---|---|---|---|---|---|
1512131 | #1512131 | Apparmor complains about multiple /run/dovecot file access | 1 Undecided | 10 Fix Released | ||
1650827 | #1650827 | /usr/lib/dovecot/dovecot-lda: "Failed name lookup - disconnected path" | 1 Undecided | 10 Fix Released | ||
1658238 | #1658238 | apache2 abstraction incomplete | 1 Undecided | 10 Fix Released | ||
1658239 | #1658239 | base abstraction missing glibc /proc/$pid/ things | 1 Undecided | 10 Fix Released | ||
1668892 | #1668892 | CVE-2017-6507: apparmor service restarts and package upgrades unload privately managed profiles | 1 Undecided | 10 Fix Released |