openSUSE-RU-2014:1483-1: moderate: AppArmor
openSUSE Recommended Update: AppArmor ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:1483-1 Rating: moderate References: #857122 #863226 #869787 #870607 #874094 #885317 #886225 #889650 #889651 #889652 #892374 #899746 #904620 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that has 13 recommended fixes can now be installed. Description: This recommended update for AppArmor fixes the following issues: - Update from version 2.8.2 to 2.8.4 and several bugfixes + delete cache in apparmor-profiles %post (workaround for bnc#904620#c8 / lp#1392042) + mod_apparmor: try uri hat after AADefaultHatName, not before. Fixes the regression in 2.8.3 (lp#1322778) + libapparmor: fix log parsing memory leaks (lp#1340927) + parser: Fix profile loads from cache files that contain multiple profiles + several profiles and abstractions/* updates (including bnc#857122#c2, bnc#899746, bnc#869787, bnc#886225) + see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_4 for details + add Provides: apparmor-abstractions to apparmor-profiles + deny capability block_suspend for /usr/lib/dovecot/imap + usr.lib.dovecot.auth: allow /var/run/dovecot/auth-token-secret.dat{,.tmp} + allow dnsmasq read access to interface mtu in /proc/sys/net/ipv6/conf/<ifacename>/mtu (bnc#892374) + usr.lib.dovecot.auth: add '/etc/dovecot/* r' to allow reading plaintext password files (bnc#874094) + Rename rpmlintrc to %{name}-rpmlintrc to follow the packaging guidelines. + perl-apparmor: Fix handling of network (or network all) (bnc#889650) + perl-apparmor: Fix handling of capability keyword (bnc#889651) + perl-apparmor: Properly handle bare file keyword (bnc#889652) + permit clustered Samba access to CTDB socket and databases (bnc#885317) + fix problems with dovecot and managesieve + add #include <abstractions/wutmp> to usr.lib.dovecot.auth + update usr.sbin.winbindd profile (bnc#870607) * restrict rw access to /var/cache/krb5rcache/ instead /var/tmp/ + update usr.sbin.winbindd profile (bnc#870607) * treat passdb.tdb.tmp as passdb.tdb * allow rw access to /var/tmp/ + add Recommends: libnotify-tools to apparmor-utils (aa-notify -p needs notify-send) + fix some cache clearing bugs in apparmor_parser + various fixes in mod_apparmor + several profile updates, most of them were already included as patches (except abstractions/winbind (bnc#863226), abstractions/fonts and abstractions/p11-kit) + see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_3 for all details + use current ruby macros, the rb_sitearch is obsolete since at least 12.1 Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-709 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): apache2-mod_apparmor-2.8.4-4.17.1 apache2-mod_apparmor-debuginfo-2.8.4-4.17.1 apparmor-debugsource-2.8.4-4.17.1 apparmor-parser-2.8.4-4.17.1 apparmor-parser-debuginfo-2.8.4-4.17.1 libapparmor-devel-2.8.4-4.17.1 libapparmor1-2.8.4-4.17.1 libapparmor1-debuginfo-2.8.4-4.17.1 pam_apparmor-2.8.4-4.17.1 pam_apparmor-debuginfo-2.8.4-4.17.1 perl-apparmor-2.8.4-4.17.1 perl-apparmor-debuginfo-2.8.4-4.17.1 python3-apparmor-2.8.4-4.17.1 python3-apparmor-debuginfo-2.8.4-4.17.1 ruby-apparmor-2.8.4-4.17.1 ruby-apparmor-debuginfo-2.8.4-4.17.1 - openSUSE 13.1 (x86_64): libapparmor1-32bit-2.8.4-4.17.1 libapparmor1-debuginfo-32bit-2.8.4-4.17.1 pam_apparmor-32bit-2.8.4-4.17.1 pam_apparmor-debuginfo-32bit-2.8.4-4.17.1 - openSUSE 13.1 (noarch): apparmor-docs-2.8.4-4.17.1 apparmor-parser-lang-2.8.4-4.17.1 apparmor-profiles-2.8.4-4.17.1 apparmor-utils-2.8.4-4.17.1 apparmor-utils-lang-2.8.4-4.17.1 References: https://bugzilla.suse.com/show_bug.cgi?id=857122 https://bugzilla.suse.com/show_bug.cgi?id=863226 https://bugzilla.suse.com/show_bug.cgi?id=869787 https://bugzilla.suse.com/show_bug.cgi?id=870607 https://bugzilla.suse.com/show_bug.cgi?id=874094 https://bugzilla.suse.com/show_bug.cgi?id=885317 https://bugzilla.suse.com/show_bug.cgi?id=886225 https://bugzilla.suse.com/show_bug.cgi?id=889650 https://bugzilla.suse.com/show_bug.cgi?id=889651 https://bugzilla.suse.com/show_bug.cgi?id=889652 https://bugzilla.suse.com/show_bug.cgi?id=892374 https://bugzilla.suse.com/show_bug.cgi?id=899746 https://bugzilla.suse.com/show_bug.cgi?id=904620
participants (1)
-
maintenance@opensuse.org