[Bug 1045986] Re: Ubuntu AppArmor policy is too lenient with shell scripts
Launchpad Bug Tracker
1045986 at bugs.launchpad.net
Tue Sep 18 12:01:27 UTC 2012
This bug was fixed in the package isc-dhcp - 4.1.1-P1-15ubuntu9.6
---------------
isc-dhcp (4.1.1-P1-15ubuntu9.6) natty-security; urgency=low
[ Jamie Strandboge ]
* debian/dhclient-script.linux: Explicitly set the PATH to that of
ENV_SUPATH in /etc/login.defs and unset various other variables. We need
to do this so /sbin/dhclient cannot abuse the environment to escape
AppArmor confinement via this script. Don't worry about
debian/dhclient-script.linux.udeb or debian/dhclient-script.kfreebsd*
since AppArmor isn't used in these environments.
- LP: #1045986
[ Marc Deslauriers ]
* SECURITY UPDATE: denial of service via ipv6 lease expiration time
reduction
- debian/patches/CVE-2012-3955.patch: properly handle time reduction in
server/dhcpv6.c, server/mdb6.c.
- CVE-2012-3955
-- Marc Deslauriers <marc.deslauriers at ubuntu.com> Fri, 14 Sep 2012 13:04:46 -0400
** Changed in: dhcp3 (Ubuntu Lucid)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1045986
Title:
Ubuntu AppArmor policy is too lenient with shell scripts
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1045986/+subscriptions
More information about the Ubuntu-mozillateam-bugs
mailing list