[ubuntu/trusty-security] apparmor 2.8.95~2430-0ubuntu5.1 (Accepted)
Tyler Hicks
tyhicks at canonical.com
Thu Nov 20 20:16:39 UTC 2014
apparmor (2.8.95~2430-0ubuntu5.1) trusty-security; urgency=medium
* SECURITY UPDATE: An AppArmor profile compilation bug may result in
applications being confined in a way that is inconsistent with the profile
author's intent. The compilation bug is specific to certain combinations
of AppArmor rule types and conditionals of those rule types.
(LP: #1390592)
- debian/patches/fix-esc-seq-interp.patch: Fix the profile compilation bug
by limiting the number of bytes that are consumed when interpreting
hexadecimal, octal, and decimal escape sequences
- debian/patches/tests-allow-arbitrary-profile-names.patch,
debian/patches/tests-add-ptrace-tests-for-lp1390592.patch: Add
regression tests for the profile compilation bug
- CVE-2014-1424
Date: 2014-11-14 20:47:41.264512+00:00
Changed-By: Tyler Hicks <tyhicks at canonical.com>
https://launchpad.net/ubuntu/+source/apparmor/2.8.95~2430-0ubuntu5.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list