[USN-3664-1] Apport vulnerability


This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
–===============3945925638577283743==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol=”application/pgp-signature”;
boundary=”ew0WqJoG7R9fAHa8kJMmwR6JHwsPv4DEm”

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
–ew0WqJoG7R9fAHa8kJMmwR6JHwsPv4DEm
Content-Type: multipart/mixed; boundary=”MVuqO8KieDduGFkoRY9x6skluKyi1Bjk5″;
protected-headers=”v1″
From: Marc Deslauriers
Reply-To: Ubuntu Security
To: “ubuntu-security-announce@lists.ubuntu.com”

Message-ID:
Subject: [USN-3664-1] Apport vulnerability

–MVuqO8KieDduGFkoRY9x6skluKyi1Bjk5
Content-Type: text/plain; charset=utf-8
Content-Language: en-CA
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-3664-1
May 30, 2018

apport vulnerability
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 17.10
– Ubuntu 16.04 LTS

Summary:

Apport could be tricked into causing a denial of service or escalate
privileges.

Software Description:
– apport: automatically generate crash reports for debugging

Details:

Sander Bos discovered that Apport incorrectly handled core dumps when
certain files are missing from /proc. A local attacker could possibly use=

this issue to cause a denial of service, gain root privileges, or escape
from containers.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
apport 2.20.9-0ubuntu7.1

Ubuntu 17.10:
apport 2.20.7-0ubuntu3.9

Ubuntu 16.04 LTS:
apport 2.20.1-0ubuntu2.18

In general, a standard system update will make all the necessary changes.=

References:
https://usn.ubuntu.com/usn/usn-3664-1
CVE-2018-6552

Package Information:
https://launchpad.net/ubuntu/+source/apport/2.20.9-0ubuntu7.1
https://launchpad.net/ubuntu/+source/apport/2.20.7-0ubuntu3.9
https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.18

–MVuqO8KieDduGFkoRY9x6skluKyi1Bjk5–

–ew0WqJoG7R9fAHa8kJMmwR6JHwsPv4DEm
Content-Type: application/pgp-signature; name=”signature.asc”
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename=”signature.asc”

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlsPDJUACgkQZWnYVadE
vpNCsg//Utm24BHsajNg2JPn2HLw/ADRWyTk1sAj4eQ47lh2rRTTfMYiY1GiDJEX
vS7W7uEDMUrGr0jN9VobfisIPH/+qTpGccls2xJer2SeUC83Egd2yPv7W+/sPmUQ
aWzMqtM8slioADQCH2oSY4YEpcDJNJvLpSn8A2eSPAHvYXve4vuE/Sg+5PmEx0kb
iozgXFUt8AH3Lj6M9dm9FC6Q8KN1TIGgu4Nu5YbLyPfYBNFPBlCNENSdmZ/+AqWq
kDzaE8MHYWwL+FbGp9ndhsG98YYz1e5S0pSE6JDaXVMGx8GBaCtb7TaSSTZKNmdH
9ZPhyl5q3sEzvSXPuri7xx8A6UtidwlyLq8FfAMaHtITGlm8SMHKBquazkCjFtNC
jOQ7rJiB2VmyPWiOq+tgpYjf7aNN1H3Xyfj5xFz2YipGNYuvHtkd1BUrSEC2n/Nb
YwBM9FvnCW8Jqc6pY5NO27V8rzK2DD+IL5H84RGJobI68Bpu+w0X2lz4G2rteIMD
qpGGXXSl3TvOgxQGQpwhXvpbmFVdRbCaddLv+4Y2dIktl3MDlt8WIwZfoV4+sQj/
fA2lkDdTBjijDxHbTHU1/82jZ6v1Cs/lcpX9uo0PrxpHEWzWuwdPZvMp7ojGEGj+
I9ZR6py/IkY5JAZO5EaRD2UfOv1FWquv/4TAU+hSyQsMIIRNzkQ=
=Tb48
—–END PGP SIGNATURE—–

–ew0WqJoG7R9fAHa8kJMmwR6JHwsPv4DEm–

–===============3945925638577283743==
Content-Type: text/plain; charset=”utf-8″
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

–===============3945925638577283743==–