[apparmor] [Bug 781961] Re: Format string bugs in apparmor-utils
Jamie Strandboge
jamie at ubuntu.com
Wed Aug 31 18:08:07 UTC 2011
This was fixed in 2.7.0~beta1+bzr1774-1.
** Changed in: apparmor (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/781961
Title:
Format string bugs in apparmor-utils
Status in AppArmor Linux application security framework:
Fix Released
Status in AppArmor 2.6 series:
Fix Committed
Status in “apparmor” package in Ubuntu:
Fix Released
Bug description:
Binary package hint: apparmor-utils
/usr/sbin/audit and /usr/sbin/autodep and /usr/sbin/enforce have
format string bugs .
test case :
emanuel at emanuel-desktop:/tmp$ /usr/sbin/audit "/tmp/%n"
Modification of a read-only value attempted at /usr/sbin/audit line 122.
emanuel at emanuel-desktop:/tmp$ /usr/sbin/autodep "/tmp/%n"
Modification of a read-only value attempted at /usr/sbin/autodep line 112.
emanuel at emanuel-desktop:/tmp$ /usr/sbin/enforce "/tmp/%9999999999999s"
Integer overflow in format string for sprintf at /usr/sbin/enforce line 132.
the bug can be found at :
UI_Info(sprintf(gettext('%s does not exist, please double-check the path.') . $profiling));
fix : (like in /usr/sbin/complain)
UI_Info(sprintf(gettext('%s does not exist, please double-check the path.'), $profiling));
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/781961/+subscriptions
More information about the AppArmor
mailing list