{"id":"USN-4008-2","summary":"apparmor update","details":"USN-4008-1 fixed multiple security issues in the Linux kernel. This update\nprovides the corresponding changes to AppArmor policy for correctly\noperating under the Linux kernel with fixes for CVE-2019-11190. Without\nthese changes, some profile transitions may be unintentionally denied due\nto missing mmap ('m') rules.\n\nOriginal advisory details:\n\n Robert Święcki discovered that the Linux kernel did not properly apply\n Address Space Layout Randomization (ASLR) in some situations for setuid elf\n binaries. A local attacker could use this to improve the chances of\n exploiting an existing vulnerability in a setuid elf binary.\n (CVE-2019-11190)\n \n It was discovered that a null pointer dereference vulnerability existed in\n the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could\n use this to cause a denial of service (system crash). (CVE-2019-11810)\n \n It was discovered that a race condition leading to a use-after-free existed\n in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux\n kernel. The RDS protocol is disabled via blocklist by default in Ubuntu. If\n enabled, a local attacker could use this to cause a denial of service\n (system crash) or possibly execute arbitrary code. (CVE-2019-11815)\n \n Federico Manuel Bento discovered that the Linux kernel did not properly\n apply Address Space Layout Randomization (ASLR) in some situations for\n setuid a.out binaries. A local attacker could use this to improve the\n chances of exploiting an existing vulnerability in a setuid a.out binary.\n (CVE-2019-11191)\n \n As a hardening measure, this update disables a.out support.\n","modified":"2026-02-10T04:41:33Z","published":"2019-06-05T19:43:51Z","upstream":["CVE-2019-11190","UBUNTU-CVE-2019-11190"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4008-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-11190"}],"affected":[{"package":{"name":"apparmor","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/apparmor@2.10.95-0ubuntu2.11?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10.95-0ubuntu2.11"}]}],"versions":["2.10-0ubuntu6","2.10-0ubuntu7","2.10-0ubuntu8","2.10-0ubuntu10","2.10-0ubuntu11","2.10-0ubuntu12","2.10-3ubuntu1","2.10-3ubuntu2","2.10.95-0ubuntu1","2.10.95-0ubuntu2","2.10.95-0ubuntu2.2","2.10.95-0ubuntu2.5","2.10.95-0ubuntu2.6","2.10.95-0ubuntu2.7","2.10.95-0ubuntu2.8","2.10.95-0ubuntu2.9","2.10.95-0ubuntu2.10"],"ecosystem_specific":{"binaries":[{"binary_name":"apparmor","binary_version":"2.10.95-0ubuntu2.11"},{"binary_name":"apparmor-docs","binary_version":"2.10.95-0ubuntu2.11"},{"binary_name":"apparmor-easyprof","binary_version":"2.10.95-0ubuntu2.11"},{"binary_name":"apparmor-notify","binary_version":"2.10.95-0ubuntu2.11"},{"binary_name":"apparmor-profiles","binary_version":"2.10.95-0ubuntu2.11"},{"binary_name":"apparmor-utils","binary_version":"2.10.95-0ubuntu2.11"},{"binary_name":"dh-apparmor","binary_version":"2.10.95-0ubuntu2.11"},{"binary_name":"libapache2-mod-apparmor","binary_version":"2.10.95-0ubuntu2.11"},{"binary_name":"libapparmor-dev","binary_version":"2.10.95-0ubuntu2.11"},{"binary_name":"libapparmor-perl","binary_version":"2.10.95-0ubuntu2.11"},{"binary_name":"libapparmor1","binary_version":"2.10.95-0ubuntu2.11"},{"binary_name":"libpam-apparmor","binary_version":"2.10.95-0ubuntu2.11"},{"binary_name":"python-apparmor","binary_version":"2.10.95-0ubuntu2.11"},{"binary_name":"python-libapparmor","binary_version":"2.10.95-0ubuntu2.11"},{"binary_name":"python3-apparmor","binary_version":"2.10.95-0ubuntu2.11"},{"binary_name":"python3-libapparmor","binary_version":"2.10.95-0ubuntu2.11"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4008-2.json"}}],"schema_version":"1.7.3"}