Univention Bugzilla – Bug 46628
apparmor: Multiple issues (4.3)
Last modified: 2018-05-16 17:04:05 CEST
New Debian apparmor 2.11.0-3+deb9u2 fixes: This update addresses the following issue: * Pin the AppArmor feature set to Stretch's kernel. This ensures Stretch systems, even when running a newer kernel (e.g. from backports), have their AppArmor feature set pinned to the one supported by the AppArmor policy shipped in Stretch. Otherwise they would experience breakage due to new AppArmor mediation features introduced in recent kernels.
[4.3-0] 6d775034ff Bug #46628: apparmor_2.11.0-3+deb9u2
--- mirror/ftp/4.3/unmaintained/4.3-0/source/apparmor_2.11.0-3.dsc +++ apt/ucs_4.3-0-errata4.3-0/source/apparmor_2.11.0-3+deb9u2.dsc @@ -1,3 +1,20 @@ +2.11.0-3+deb9u2 [Tue, 27 Feb 2018 10:59:06 +0000] intrigeri <intrigeri@debian.org>: + + * Move the features file to /usr/share/apparmor-features; + accordingly remove the old (now obsolete) '/etc/apparmor/features' + conffile (Closes: #883682). + * Configure gbp for DEP-14 and avoid gbp-pq prefixing patches + with numbers. + +2.11.0-3+deb9u1 [Sat, 25 Nov 2017 18:04:05 +0000] intrigeri <intrigeri@debian.org>: + + * Pin the AppArmor feature set to Stretch's kernel (Closes: #879585). + This ensures Stretch systems, even when running a newer kernel (e.g. + from backports), have their AppArmor feature set pinned to the one + supported by the AppArmor policy shipped in Stretch. Otherwise they + would experience breakage due to new AppArmor mediation features + introduced in recent kernels. + 2.11.0-3 [Tue, 28 Mar 2017 10:29:15 +0000] intrigeri <intrigeri@debian.org>: * Fix CVE-2017-6507: don't unload unknown profiles during package
* No UCS specific patches * Comparison to previously shipped version ok * Binary package update Ok * Advisory Ok
<http://errata.software-univention.de/ucs/4.3/42.html>