USN-3480-1: Apport vulnerabilities
USN-3480-1: Apport vulnerabilities Ubuntu Security Notice USN-3480-1 15th November, 2017 apport vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Apport could be tricked into creating files as an administrator, resulting in denial of service or privilege escalation. Software description apport – automatically generate crash reports for debugging Details Sander Bos discovered that Apport incorrectly handled core dumps for setuidbinaries. A local attacker could use this issue to perform a denial of servicevia resource exhaustion or possibly gain root privileges. (CVE-2017-14177) Sander Bos discovered that Apport incorrectly handled core dumps for processesin a different PID namespace. A local attacker could use this issue to performa denial of service via resource exhaustion or possibly gain root privileges.(CVE-2017-14180) Update instructions The problem can be corrected by updating your [ more… ]
