A set of AppArmor vulnerabilities

Qualys has sent out a
somewhat breathless advisory describing a number of vulnerabilities in
the AppArmor security module, which is used in a number of Debian-based
distributions (among others).

This “CrackArmor” advisory exposes a confused-deputy flaw allowing
unprivileged users to manipulate security profiles via
pseudo-files, bypass user-namespace restrictions, and execute
arbitrary code within the kernel. These flaws facilitate local
privilege escalation to root through complex interactions with
tools like Sudo and Postfix, alongside denial-of-service attacks
via stack exhaustion and Kernel Address Space Layout Randomization
(KASLR) bypasses via out-of-bounds reads.