========================================================================== Ubuntu Security Notice USN-3354-1 July 18, 2017
apport vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: An attacker could trick a user into opening a malicious .crash file and execute arbitrary code as the user. Software Description: - apport: automatically generate crash reports for debugging Details: Felix Wilhelm discovered a path traversal vulnerability in Apport when handling the ExecutablePath field in crash files. An attacker could trick a user into opening a specially crafted crash file and execute arbitrary code with the user's privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: apport 2.20.4-0ubuntu4.5 python-apport 2.20.4-0ubuntu4.5 python3-apport 2.20.4-0ubuntu4.5 Ubuntu 16.10: apport 2.20.3-0ubuntu8.7 python-apport 2.20.3-0ubuntu8.7 python3-apport 2.20.3-0ubuntu8.7 Ubuntu 16.04 LTS: apport 2.20.1-0ubuntu2.10 python-apport 2.20.1-0ubuntu2.10 python3-apport 2.20.1-0ubuntu2.10 Ubuntu 14.04 LTS: apport 2.14.1-0ubuntu3.25 python-apport 2.14.1-0ubuntu3.25 python3-apport 2.14.1-0ubuntu3.25 In general, a standard system update will make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3354-1 CVE-2017-10708 Package Information: https://launchpad.net/ubuntu/+source/apport/2.20.4-0ubuntu4.5 https://launchpad.net/ubuntu/+source/apport/2.20.3-0ubuntu8.7 https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.10 https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.25
signature.asc
Description: This is a digitally signed message part
-- ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
