Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
SuSE Update for AppArmor SUSE-SA:2007:015
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Check for the Version of AppArmor
Insight
Insight
Two new language features have been added to improve the confinement provided to applications executing other applications will confined by AppArmor. - Two new execute modifiers: 'P' and 'U' are provided and are flavors of the existing 'p' and 'u' modifiers but indicate that the environment should be stripped across the execute transition. Using " Ux" and " Px" avoids injecting code using LD_PRELOAD and similar variables into the started executables by a infected profiled program. The environment variable filtering is the same as used for setuid applications. - A new permission 'm' is required when an application executes mmap(2) with protection PROT_EXEC. This avoids infected binaries escalating the " r" privilege to a file into a " rx" privilege. Note that both issues are not directly security fixes, they instead avoid common problems during profile creation. These changes also require a new kernel, which we released in December 2006, tracked by our advisory SUSE-SA:2006:079. Only SUSE Linux Enterprise Server 9 (and related products) and SUSE Linux 10.0 are affected by this change. SUSE Linux 10.1, SUSE Linux Enterprise 10 and newer products already contain the new profile syntax and behavior.
Affected Software
Affected Software
AppArmor on SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9
Solution
Solution
Please Install the Updated Packages.