[USN-2413-1] AppArmor vulnerability

Tyler Hicks tyhicks at canonical.com
Thu Nov 20 21:09:14 UTC 2014


==========================================================================
Ubuntu Security Notice USN-2413-1
November 20, 2014

apparmor vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

apparmor_parser could allow applications that are confined by AppArmor to gain
unintended access to resources.

Software Description:
- apparmor: Linux security system

Details:

An AppArmor policy miscompilation flaw was discovered in apparmor_parser. Under
certain circumstances, a malicious application could use this flaw to perform
operations that are not allowed by AppArmor policy. The flaw may also prevent
applications from accessing resources that are allowed by AppArmor policy.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  apparmor                        2.8.95~2430-0ubuntu5.1

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2413-1
  CVE-2014-1424

Package Information:
  https://launchpad.net/ubuntu/+source/apparmor/2.8.95~2430-0ubuntu5.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20141120/e129cd1a/attachment.pgp>


More information about the ubuntu-security-announce mailing list