Executive Summary

Summary
Title AppArmor update
Informations
NameUSN-4008-2First vendor Publication2019-06-05
VendorUbuntuLast vendor Modification2019-06-05
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several policy updates were made for running under the recently updated Linux kernel.

Software Description: - apparmor: Linux security system

Details:

USN-4008-1 fixed multiple security issues in the Linux kernel. This update provides the corresponding changes to AppArmor policy for correctly operating under the Linux kernel with fixes for CVE-2019-11190. Without these changes, some profile transitions may be unintentionally denied due to missing mmap ('m') rules.

Original advisory details:

Robert Święcki discovered that the Linux kernel did not properly apply
Address Space Layout Randomization (ASLR) in some situations for setuid elf
binaries. A local attacker could use this to improve the chances of
exploiting an existing vulnerability in a setuid elf binary.
(CVE-2019-11190)

It was discovered that a null pointer dereference vulnerability existed in
the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash). (CVE-2019-11810)

It was discovered that a race condition leading to a use-after-free existed
in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux
kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2019-11815)

Federico Manuel Bento discovered that the Linux kernel did not properly
apply Address Space Layout Randomization (ASLR) in some situations for
setuid a.out binaries. A local attacker could use this to improve the
chances of exploiting an existing vulnerability in a setuid a.out binary.
(CVE-2019-11191)

As a hardening measure, this update disables a.out support.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
apparmor-profiles 2.10.95-0ubuntu2.11
python3-apparmor 2.10.95-0ubuntu2.11

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4008-2
https://usn.ubuntu.com/4008-1
CVE-2019-11190

Package Information:
https://launchpad.net/ubuntu/+source/apparmor/2.10.95-0ubuntu2.11

Original Source

Url : http://www.ubuntu.com/usn/USN-4008-2

CWE : Common Weakness Enumeration

%idName
75 %CWE-362Race Condition
25 %CWE-476NULL Pointer Dereference

CPE : Common Platform Enumeration

TypeDescriptionCount
Os3037

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2019-06-06 00:18:45
  • First insertion