USN-2413-1: AppArmor vulnerability

Ubuntu Security Notice USN-2413-1

20th November, 2014

apparmor vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

apparmor_parser could allow applications that are confined by AppArmor to gain
unintended access to resources.

Software description

  • apparmor
    – Linux security system

Details

An AppArmor policy miscompilation flaw was discovered in apparmor_parser. Under
certain circumstances, a malicious application could use this flaw to perform
operations that are not allowed by AppArmor policy. The flaw may also prevent
applications from accessing resources that are allowed by AppArmor policy.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
apparmor

2.8.95~2430-0ubuntu5.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-1424

Leave a Reply