{"id":"USN-3784-1","summary":"AppArmor update","details":"As a security improvement, this update adjusts the private-files abstraction to\ndisallow writing to thumbnailer configuration files. Additionally adjust the\nprivate-files, private-files-strict and user-files abstractions to disallow\nwrites on parent directories of sensitive files.\n","modified":"2026-04-22T09:50:44.778185Z","published":"2018-10-04T21:34:40Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3784-1"},{"type":"REPORT","url":"https://launchpad.net/bugs/1788929"},{"type":"REPORT","url":"https://launchpad.net/bugs/1794848"}],"affected":[{"package":{"name":"apparmor","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/apparmor@2.10.95-0ubuntu2.6~14.04.4?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10.95-0ubuntu2.6~14.04.4"}]}],"versions":["2.8.0-0ubuntu31","2.8.0-0ubuntu32","2.8.0-0ubuntu33","2.8.0-0ubuntu34","2.8.0-0ubuntu35","2.8.0-0ubuntu37","2.8.0-0ubuntu38","2.8.95~2430-0ubuntu1","2.8.95~2430-0ubuntu2","2.8.95~2430-0ubuntu3","2.8.95~2430-0ubuntu5","2.8.95~2430-0ubuntu5.1","2.8.95~2430-0ubuntu5.2","2.8.95~2430-0ubuntu5.3","2.10.95-0ubuntu2.5~14.04.1","2.10.95-0ubuntu2.6~14.04.1","2.10.95-0ubuntu2.6~14.04.3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"apparmor","binary_version":"2.10.95-0ubuntu2.6~14.04.4"},{"binary_name":"apparmor-docs","binary_version":"2.10.95-0ubuntu2.6~14.04.4"},{"binary_name":"apparmor-easyprof","binary_version":"2.10.95-0ubuntu2.6~14.04.4"},{"binary_name":"apparmor-notify","binary_version":"2.10.95-0ubuntu2.6~14.04.4"},{"binary_name":"apparmor-profiles","binary_version":"2.10.95-0ubuntu2.6~14.04.4"},{"binary_name":"apparmor-utils","binary_version":"2.10.95-0ubuntu2.6~14.04.4"},{"binary_name":"dh-apparmor","binary_version":"2.10.95-0ubuntu2.6~14.04.4"},{"binary_name":"libapache2-mod-apparmor","binary_version":"2.10.95-0ubuntu2.6~14.04.4"},{"binary_name":"libapparmor-perl","binary_version":"2.10.95-0ubuntu2.6~14.04.4"},{"binary_name":"libapparmor1","binary_version":"2.10.95-0ubuntu2.6~14.04.4"},{"binary_name":"libpam-apparmor","binary_version":"2.10.95-0ubuntu2.6~14.04.4"},{"binary_name":"python-apparmor","binary_version":"2.10.95-0ubuntu2.6~14.04.4"},{"binary_name":"python-libapparmor","binary_version":"2.10.95-0ubuntu2.6~14.04.4"},{"binary_name":"python3-apparmor","binary_version":"2.10.95-0ubuntu2.6~14.04.4"},{"binary_name":"python3-libapparmor","binary_version":"2.10.95-0ubuntu2.6~14.04.4"}]},"database_specific":{"cves_map":{"cves":[],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3784-1.json"}},{"package":{"name":"apparmor","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/apparmor@2.10.95-0ubuntu2.10?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10.95-0ubuntu2.10"}]}],"versions":["2.10-0ubuntu6","2.10-0ubuntu7","2.10-0ubuntu8","2.10-0ubuntu10","2.10-0ubuntu11","2.10-0ubuntu12","2.10-3ubuntu1","2.10-3ubuntu2","2.10.95-0ubuntu1","2.10.95-0ubuntu2","2.10.95-0ubuntu2.2","2.10.95-0ubuntu2.5","2.10.95-0ubuntu2.6","2.10.95-0ubuntu2.7","2.10.95-0ubuntu2.8","2.10.95-0ubuntu2.9"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"apparmor","binary_version":"2.10.95-0ubuntu2.10"},{"binary_name":"apparmor-docs","binary_version":"2.10.95-0ubuntu2.10"},{"binary_name":"apparmor-easyprof","binary_version":"2.10.95-0ubuntu2.10"},{"binary_name":"apparmor-notify","binary_version":"2.10.95-0ubuntu2.10"},{"binary_name":"apparmor-profiles","binary_version":"2.10.95-0ubuntu2.10"},{"binary_name":"apparmor-utils","binary_version":"2.10.95-0ubuntu2.10"},{"binary_name":"dh-apparmor","binary_version":"2.10.95-0ubuntu2.10"},{"binary_name":"libapache2-mod-apparmor","binary_version":"2.10.95-0ubuntu2.10"},{"binary_name":"libapparmor-perl","binary_version":"2.10.95-0ubuntu2.10"},{"binary_name":"libapparmor1","binary_version":"2.10.95-0ubuntu2.10"},{"binary_name":"libpam-apparmor","binary_version":"2.10.95-0ubuntu2.10"},{"binary_name":"python-apparmor","binary_version":"2.10.95-0ubuntu2.10"},{"binary_name":"python-libapparmor","binary_version":"2.10.95-0ubuntu2.10"},{"binary_name":"python3-apparmor","binary_version":"2.10.95-0ubuntu2.10"},{"binary_name":"python3-libapparmor","binary_version":"2.10.95-0ubuntu2.10"}]},"database_specific":{"cves_map":{"cves":[],"ecosystem":"Ubuntu:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3784-1.json"}},{"package":{"name":"apparmor","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/apparmor@2.12-4ubuntu5.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.12-4ubuntu5.1"}]}],"versions":["2.11.0-2ubuntu17","2.11.0-2ubuntu18","2.11.0-2ubuntu19","2.12-4ubuntu1","2.12-4ubuntu2","2.12-4ubuntu3","2.12-4ubuntu4","2.12-4ubuntu5"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"apparmor","binary_version":"2.12-4ubuntu5.1"},{"binary_name":"apparmor-easyprof","binary_version":"2.12-4ubuntu5.1"},{"binary_name":"apparmor-notify","binary_version":"2.12-4ubuntu5.1"},{"binary_name":"apparmor-profiles","binary_version":"2.12-4ubuntu5.1"},{"binary_name":"apparmor-utils","binary_version":"2.12-4ubuntu5.1"},{"binary_name":"dh-apparmor","binary_version":"2.12-4ubuntu5.1"},{"binary_name":"libapache2-mod-apparmor","binary_version":"2.12-4ubuntu5.1"},{"binary_name":"libapparmor-perl","binary_version":"2.12-4ubuntu5.1"},{"binary_name":"libapparmor1","binary_version":"2.12-4ubuntu5.1"},{"binary_name":"libpam-apparmor","binary_version":"2.12-4ubuntu5.1"},{"binary_name":"python-apparmor","binary_version":"2.12-4ubuntu5.1"},{"binary_name":"python-libapparmor","binary_version":"2.12-4ubuntu5.1"},{"binary_name":"python3-apparmor","binary_version":"2.12-4ubuntu5.1"},{"binary_name":"python3-libapparmor","binary_version":"2.12-4ubuntu5.1"}]},"database_specific":{"cves_map":{"cves":[],"ecosystem":"Ubuntu:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3784-1.json"}}],"schema_version":"1.7.5"}