Site icon 지락문화예술공작단

USN-3480-1: Apport vulnerabilities

USN-3480-1: Apport vulnerabilities

Ubuntu Security Notice USN-3480-1

15th November, 2017

apport vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Summary

Apport could be tricked into creating files as an administrator, resulting in
denial of service or privilege escalation.

Software description

Details

Sander Bos discovered that Apport incorrectly handled core dumps for setuid
binaries. A local attacker could use this issue to perform a denial of service
via resource exhaustion or possibly gain root privileges. (CVE-2017-14177)

Sander Bos discovered that Apport incorrectly handled core dumps for processes
in a different PID namespace. A local attacker could use this issue to perform
a denial of service via resource exhaustion or possibly gain root privileges.
(CVE-2017-14180)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 17.10:
apport

2.20.7-0ubuntu3.4
Ubuntu 17.04:
apport

2.20.4-0ubuntu4.7
Ubuntu 16.04 LTS:
apport

2.20.1-0ubuntu2.12
Ubuntu 14.04 LTS:
apport

2.14.1-0ubuntu3.27

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-14177,

CVE-2017-14180

Source: USN-3480-1: Apport vulnerabilities

Exit mobile version