Wednesday, May 30, 2018

[USN-3664-1] Apport vulnerability

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlsPDJUACgkQZWnYVadE
vpNCsg//Utm24BHsajNg2JPn2HLw/ADRWyTk1sAj4eQ47lh2rRTTfMYiY1GiDJEX
vS7W7uEDMUrGr0jN9VobfisIPH/+qTpGccls2xJer2SeUC83Egd2yPv7W+/sPmUQ
aWzMqtM8slioADQCH2oSY4YEpcDJNJvLpSn8A2eSPAHvYXve4vuE/Sg+5PmEx0kb
iozgXFUt8AH3Lj6M9dm9FC6Q8KN1TIGgu4Nu5YbLyPfYBNFPBlCNENSdmZ/+AqWq
kDzaE8MHYWwL+FbGp9ndhsG98YYz1e5S0pSE6JDaXVMGx8GBaCtb7TaSSTZKNmdH
9ZPhyl5q3sEzvSXPuri7xx8A6UtidwlyLq8FfAMaHtITGlm8SMHKBquazkCjFtNC
jOQ7rJiB2VmyPWiOq+tgpYjf7aNN1H3Xyfj5xFz2YipGNYuvHtkd1BUrSEC2n/Nb
YwBM9FvnCW8Jqc6pY5NO27V8rzK2DD+IL5H84RGJobI68Bpu+w0X2lz4G2rteIMD
qpGGXXSl3TvOgxQGQpwhXvpbmFVdRbCaddLv+4Y2dIktl3MDlt8WIwZfoV4+sQj/
fA2lkDdTBjijDxHbTHU1/82jZ6v1Cs/lcpX9uo0PrxpHEWzWuwdPZvMp7ojGEGj+
I9ZR6py/IkY5JAZO5EaRD2UfOv1FWquv/4TAU+hSyQsMIIRNzkQ=
=Tb48
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3664-1
May 30, 2018

apport vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS

Summary:

Apport could be tricked into causing a denial of service or escalate
privileges.

Software Description:
- apport: automatically generate crash reports for debugging

Details:

Sander Bos discovered that Apport incorrectly handled core dumps when
certain files are missing from /proc. A local attacker could possibly use
this issue to cause a denial of service, gain root privileges, or escape
from containers.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
apport 2.20.9-0ubuntu7.1

Ubuntu 17.10:
apport 2.20.7-0ubuntu3.9

Ubuntu 16.04 LTS:
apport 2.20.1-0ubuntu2.18

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3664-1
CVE-2018-6552

Package Information:
https://launchpad.net/ubuntu/+source/apport/2.20.9-0ubuntu7.1
https://launchpad.net/ubuntu/+source/apport/2.20.7-0ubuntu3.9
https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.18

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)