On December 19, Canonical published, in a security notice, details about an AppArmor update for its Ubuntu 12.04 LTS (Precise Pangolin) and Ubuntu 11.10 (Oneiric Ocelot) operating systems.
According to Canonical, a weakness was discovered in the example AppArmor profile for chromium-browser.
Dan Rosenberg discovered that the example AppArmor profile for chromium-browser could have been escaped by calling xdg-settings with a crafted environment.
“In practice, AppArmor suffers from the same weaknesses that plague other similar MAC systems. First, AppArmor does very little to reduce the attack surface of the kernel itself. As a result, it only takes one kernel vulnerability to break out of an AppArmor sandbox entirely,” stated Dan Rosenberg in a blog post.
For a more detailed description of the security problems, you can visit Canonical's security notification.
Users can fix the security flaws by upgrading their systems to the latest apparmor-profiles version for their distribution.
A normal system update, run with the Update Manager, will apply all the necessary changes. A complete system restart is not necessary.