========================================================================== Ubuntu Security Notice USN-3480-1 November 15, 2017
apport vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 17.04 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Apport could be tricked into creating files as an administrator, resulting in denial of service or privilege escalation. Software Description: - apport: automatically generate crash reports for debugging Details: Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. (CVE-2017-14177) Sander Bos discovered that Apport incorrectly handled core dumps for processes in a different PID namespace. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. (CVE-2017-14180) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: apport 2.20.7-0ubuntu3.4 Ubuntu 17.04: apport 2.20.4-0ubuntu4.7 Ubuntu 16.04 LTS: apport 2.20.1-0ubuntu2.12 Ubuntu 14.04 LTS: apport 2.14.1-0ubuntu3.27 In general, a standard system update will make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3480-1 CVE-2017-14177, CVE-2017-14180 Package Information: https://launchpad.net/ubuntu/+source/apport/2.20.7-0ubuntu3.4 https://launchpad.net/ubuntu/+source/apport/2.20.4-0ubuntu4.7 https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.12 https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.27
signature.asc
Description: PGP signature
-- ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
