Ubuntu Security Notice USN-3480-1
15th November, 2017
apport vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Apport could be tricked into creating files as an administrator, resulting in denial of service or privilege escalation.
Software description
- apport - automatically generate crash reports for debugging
Sander Bos discovered that Apport incorrectly handled core dumps for setuid
binaries. A local attacker could use this issue to perform a denial of service
via resource exhaustion or possibly gain root privileges. (CVE-2017-14177)
Sander Bos discovered that Apport incorrectly handled core dumps for processes
in a different PID namespace. A local attacker could use this issue to perform
a denial of service via resource exhaustion or possibly gain root privileges.
(CVE-2017-14180)
Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 17.10:
apport 2.20.7-0ubuntu3.4
Ubuntu 17.04:
apport 2.20.4-0ubuntu4.7
Ubuntu 16.04 LTS:
apport 2.20.1-0ubuntu2.12
Ubuntu 14.04 LTS:
apport 2.14.1-0ubuntu3.27
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
CVE-2017-14177, CVE-2017-14180