Ubuntu
bind9 package

apparmor profile should be in complain mode on certain upgrades

Bug #203528 reported by Jamie Strandboge on 2008-03-18

2

Affects		Status	Importance	Assigned to	Milestone
	bind9 (Ubuntu)	Fix Released	Undecided	LaMont Jones

Bug Description

Binary package hint: bind9

As shipped, the apparmor profile is in enforcing mode. This should change to follow https://wiki.ubuntu.com/ApparmorProfileMigration.

CVE References

2008-0122

Jamie Strandboge (jdstrand) on 2008-03-18

Changed in bind9:
assignee:	nobody → jamie-strandboge
status:	New → Triaged

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2008-03-18: Re: [Bug 203528] apparmor profile should be in complain mode on certain upgrades

#1

0001-fix-for-LP-203528-force-complain-for-apparmor-on.patch Edit (2.4 KiB, text/x-diff)

This work is based on https://wiki.ubuntu.com/ApparmorProfileMigration.
Confirmed to work on bind9 dapper - hardy upgrade, bind9 +
apparmor-profiles gutsy - hardy and standard upgrades and installs.

status inprogress

Changed in bind9:
status:	Triaged → In Progress

Revision history for this message

LaMont Jones (lamont) wrote on 2008-03-18:

#2

in 1:9.4.2-8

Changed in bind9:
assignee:	jamie-strandboge → lamont
status:	In Progress → Fix Committed

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2008-03-19:

#3

0002-debian-bind9.postrm-purge-etc-apparmor.d-force-com.patch Edit (771 bytes, text/x-diff)

Please also include this patch to postrm also. Sorry for the additional
patch.

Revision history for this message

LaMont Jones (lamont) wrote on 2008-03-19:

#4

0002 also in -8.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2008-04-04:

#5

This bug was fixed in the package bind9 - 1:9.4.2-9

---------------
bind9 (1:9.4.2-9) unstable; urgency=low

* apparmor: allow subdirs in {/etc,/var/cache,/var/lib}/bind
* apparmor: make profile match README.Debian

bind9 (1:9.4.2-8) unstable; urgency=low

[ISC]

* CVE-2008-0122: off by one error in (unused) inet_network function.
Closes: #462783 LP: #203476

[Michael Milligan]

* Fix min-cache-ttl and min-ncache-ttl keywords

[Jamie Strandboge]

* apparmor: force complain-mode for apparmor on certain upgrades. LP: #203528
* debian/bind9.postrm: purge /etc/apparmor.d/force-complain/usr.sbin.named

bind9 (1:9.4.2-7) unstable; urgency=low

[Jamie Strandboge]

* Allow rw access to /var/lib/bind/* in apparmor-profile. LP: #201954

[LaMont Jones]

* Drop root-delegation comments from named.conf. Closes: #217829, #297219

-- LaMont Jones <email address hidden> Fri, 04 Apr 2008 11:44:26 +0100

Changed in bind9:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.