CVE-2014-1424

Publication date 24 November 2014

Last updated 24 July 2024

Ubuntu priority

apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw."

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
apparmor	14.10 utopic	Not affected
	14.04 LTS trusty	Fixed 2.8.95~2430-0ubuntu5.1
	12.04 LTS precise	Not affected
	10.04 LTS lucid	Not affected

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

caused by incomplete backport in trusty

tyhicks

Ptrace, mount, and possibly other rule types are affected Issue was specific to Ubuntu. The final version of the patch that was committed upstream was not vulnerable.

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2413-1
AppArmor vulnerability
20 November 2014

Other references

https://www.cve.org/CVERecord?id=CVE-2014-1424