This Week in Security: Linux Flaws, Python Ownage, and a Botnet Shutdown
🛡️ MariaDB's new AppArmor profile is now enforcing in Debian unstable and heading to Ubuntu 26.04. I developed it against 7,000+ tests to minimize false positives; full story at https://optimizedbyotto.com/post/new-apparmor-profile-for-mariadb/
If you are a DBA/sysadmin, check your logs and share feedback via the Debian bug tracker.

Linux security modules add a useful extra layer of defence around individual programs by restricting what each one is allowed to do; at best they block, and log, an attempt to exploit a zero-day vulnerability long before the flaw is widely known and reported. The challenge is creating such profiles without also blocking legitimate actions. For MariaDB in Debian and Ubuntu, the new AppArmor profile was developed by exercising the server with its own test suite of 7000+ tests while the profile was being built, which gives good confidence that the enforced profile will not produce false-positive denials in normal operation.
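To make that workflow concrete, the following is an added example (not code from the MariaDB packaging or from the profile's author) of the log-mining step behind it: run the program under a profile in complain mode (`aa-complain` from apparmor-utils), exercise it with the test suite, then turn the resulting `apparmor="ALLOWED"` audit events into candidate profile rules, and count any `DENIED` events that would be false positives once the profile is enforcing. The log lines are constructed for the example, the profile name `mariadbd` and the profile path are assumptions, and a real run feeds in `journalctl -k` output instead of the sample.

```shell
#!/usr/bin/env bash
# Added example: mining AppArmor audit events to draft profile rules.
# Typical loop (apparmor-utils assumed installed; profile path assumed):
#   aa-complain /etc/apparmor.d/usr.sbin.mariadbd
#   <run the MariaDB test suite>
#   journalctl -k | grep 'apparmor="' > events.log
# then feed the collected lines to the functions below.

# Constructed sample events in the kernel audit format; NOT real output
# from a MariaDB host.  The last line is a profile reload and must be ignored.
SAMPLE_LOG='audit: type=1400 audit(1700000000.001:10): apparmor="ALLOWED" operation="open" class="file" profile="mariadbd" name="/var/lib/mysql/ibdata1" pid=4242 comm="mariadbd" requested_mask="rw" denied_mask="rw" fsuid=112 ouid=112
audit: type=1400 audit(1700000000.002:11): apparmor="ALLOWED" operation="open" class="file" profile="mariadbd" name="/etc/hosts.allow" pid=4242 comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=112 ouid=0
audit: type=1400 audit(1700000000.003:12): apparmor="ALLOWED" operation="open" class="file" profile="mariadbd" name="/var/lib/mysql/ibdata1" pid=4242 comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=112 ouid=112
audit: type=1400 audit(1700000000.004:13): apparmor="DENIED" operation="exec" class="file" profile="mariadbd" name="/bin/sh" pid=4242 comm="mariadbd" requested_mask="x" denied_mask="x" fsuid=112 ouid=0
audit: type=1400 audit(1700000000.005:14): apparmor="ALLOWED" operation="capable" class="cap" profile="mariadbd" pid=4242 comm="mariadbd" capability=2 capname="dac_read_search"
audit: type=1400 audit(1700000000.006:15): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="mariadbd" pid=1 comm="apparmor_parser"'

# awk prelude shared by the functions: field(k) returns the value of k="..."
# on the current line.  The leading space keeps name= from matching capname=.
AA_FIELD='function field(k) {
  if (match($0, " " k "=\"[^\"]*\"")) return substr($0, RSTART + length(k) + 3, RLENGTH - length(k) - 4)
  return ""
}'

# aa_file_rules LOG PROFILE: one candidate file rule per path, masks merged
# across events and normalised to AppArmor order (w subsumes a; x -> ix).
aa_file_rules() {
  printf '%s\n' "$1" | awk -v want="$2" "$AA_FIELD"'
    field("profile") == want && field("class") == "file" &&
    field("apparmor") ~ /^(ALLOWED|DENIED)$/ { mask[field("name")] = mask[field("name")] field("denied_mask") }
    END {
      for (p in mask) {
        m = mask[p]; out = ""
        if (index(m, "r")) { out = out "r" }
        if (index(m, "w")) { out = out "w" } else if (index(m, "a")) { out = out "a" }
        if (index(m, "m")) { out = out "m" }
        if (index(m, "k")) { out = out "k" }
        if (index(m, "l")) { out = out "l" }
        if (index(m, "x")) { out = out "ix" }   # exec: decide ix/Px/Ux by hand
        printf "  %s %s,\n", p, out
      }
    }' | LC_ALL=C sort
}

# aa_cap_rules LOG PROFILE: one capability rule per distinct capability seen.
aa_cap_rules() {
  printf '%s\n' "$1" | awk -v want="$2" "$AA_FIELD"'
    field("profile") == want && field("class") == "cap" { seen[field("capname")] = 1 }
    END { for (c in seen) printf "  capability %s,\n", c }' | LC_ALL=C sort
}

# aa_denied_count LOG PROFILE: number of hard denials, i.e. events that an
# enforcing profile actually blocked.  Non-zero after a test run means the
# profile still has a false positive to fix (or the test found real misuse).
aa_denied_count() {
  printf '%s\n' "$1" | awk -v want="$2" "$AA_FIELD"'
    field("profile") == want && field("apparmor") == "DENIED" { n++ }
    END { print n + 0 }'
}

# Usage: draft the rule body for the mariadbd profile and flag denials.
aa_file_rules "$SAMPLE_LOG" mariadbd
aa_cap_rules "$SAMPLE_LOG" mariadbd
echo "enforced denials: $(aa_denied_count "$SAMPLE_LOG" mariadbd)"
```

The merged masks are a starting point, not a finished profile: every generated path still needs a human decision about globbing (for example the data directory rather than individual tablespace files) and about exec transitions, which the script deliberately leaves as `ix` to be reviewed.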
AppArmor security vulnerabilities explained: what "CrackArmor" really means for Linux users
**Security vulnerabilities in AppArmor: why Linux updates matter now** Nine critical vulnerabilities in AppArmor (CrackArmor) enable privilege escalation and container escape. Ubuntu systems are affected; updates are urgently needed.

Qualys TRU has discovered confused-deputy vulnerabilities in AppArmor (named "CrackArmor") that allow unprivileged users to bypass kernel protections, escalate to root, and break container isolation. The flaws have been present since Linux 4.11 (2017) and expose more than 12.6 million systems globally. Immediate kernel patching is recommended to neutralize them.
Source and context: Qualys (Threat Research Unit) has published a research advisory detailing "CrackArmor", a set of nine vulnerabilities in AppArmor, the default Linux security module on Ubuntu, Debian and SUSE. Present since 2017 (kernel v4.11), they expose more than 12.6 million systems. Complete PoCs exist (unpublished), no CVE has been assigned yet, and an immediate kernel patch is recommended.
• Main mechanism: confused-deputy flaws allow an unprivileged user to manipulate AppArmor profiles through the securityfs pseudo-files (e.g. /sys/kernel/security/apparmor/.load, .replace, .remove), bypass user namespace restrictions, and reach code execution inside the kernel. Interactions with trusted tools such as Sudo and Postfix form part of the exploitation chain.
#CrackArmor: nine vulnerabilities have been discovered in #AppArmor dating back to #Linux kernel 4.11 (2017) and could affect more than 12.6 million systems.
