This bug was fixed in the package apparmor - 2.8.95~2430-0ubuntu5.1
---
apparmor (2.8.95~2430-0ubuntu5.1) trusty-security; urgency=medium
* SECURITY UPDATE: An AppArmor profile compilation bug may result in
applications being confined in a way that is inconsistent with the
This is CVE-2014-1424
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1424
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1390592
Title:
'ptrace
I may need to take another approach instead of replacing add-decimal-
interp.patch with upstream commit r2456. While this bug is fixed, the
regression test suite hits some new failures. The commit message of
upstream commit r2541 explains the problem (and changes the tests):
Earlier fixes to the
Per Tyler, this is fixed in r2456. In 14.04, add-decimal-interp.patch
should be removed in favor of this patch.
** No longer affects: linux (Ubuntu)
** Also affects: apparmor (Ubuntu Trusty)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu)
Status: Confirmed =
I'm fairly certain that this is a parser bug and not a kernel bug. The
dfa-states output for the profile profile XYZ { ptrace
peer=@{profile_name}, } changes between 14.04 and 14.10. Also, I can
pull down lp:apparmor and build a parser, on 14.04, that doesn't exhibit
the behavior described in this
5 matches
Mail list logo