[Bug 1045986] Re: Ubuntu AppArmor policy is too lenient with shell scripts
Launchpad Bug Tracker
1045986 at bugs.launchpad.net
Tue Sep 18 12:01:20 UTC 2012
This bug was fixed in the package isc-dhcp - 4.1.ESV-R4-0ubuntu5.5
---------------
isc-dhcp (4.1.ESV-R4-0ubuntu5.5) precise-security; urgency=low
[ Jamie Strandboge ]
* debian/dhclient-script.linux: Explicitly set the PATH to that of
ENV_SUPATH in /etc/login.defs and unset various other variables. We need
to do this so /sbin/dhclient cannot abuse the environment to escape
AppArmor confinement via this script. Don't worry about
debian/dhclient-script.linux.udeb or debian/dhclient-script.kfreebsd*
since AppArmor isn't used in these environments.
- LP: #1045986
[ Marc Deslauriers ]
* SECURITY UPDATE: denial of service via ipv6 lease expiration time
reduction
- debian/patches/CVE-2012-3955.patch: properly handle time reduction in
server/dhcpv6.c, server/mdb6.c.
- CVE-2012-3955
-- Marc Deslauriers <marc.deslauriers at ubuntu.com> Fri, 14 Sep 2012 12:58:33 -0400
** Changed in: isc-dhcp (Ubuntu Natty)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dhcp3 in Ubuntu.
https://bugs.launchpad.net/bugs/1045986
Title:
Ubuntu AppArmor policy is too lenient with shell scripts
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1045986/+subscriptions
More information about the Ubuntu-server-bugs
mailing list