
Bug 636044

Summary: sys-apps/apparmor: Security bypass vulnerability (CVE-2017-6507)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: trivial CC: hardened, kensington
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~4 [upstream/ebuild]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2017-10-31 14:43:50 UTC
CVE-2017-6507 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6507):
  An issue was discovered in AppArmor before 2.12. Incorrect handling of
  unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or
  systemd unit files allows an attacker to possibly have increased attack
  surfaces of processes that were intended to be confined by AppArmor. This is
  due to the common logic to handle 'restart' operations removing AppArmor
  profiles that aren't found in the typical filesystem locations, such as
  /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles
  in atypical directories, such as what's done by LXD and Docker, are affected
  by this flaw in the AppArmor init script logic.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-31 14:45:57 UTC

*** This bug has been marked as a duplicate of bug 635888 ***