[USN-3664-2] Apport vulnerability


This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
–===============8939634362779505964==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol=”application/pgp-signature”;
boundary=”fT41pwsqT03GSAx8e7vmbAH0GZMsQSJP9″

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
–fT41pwsqT03GSAx8e7vmbAH0GZMsQSJP9
Content-Type: multipart/mixed; boundary=”QxdO4uF334hl9PqXgEuExf0359CgPX0HV”;
protected-headers=”v1″
From: Marc Deslauriers
Reply-To: Ubuntu Security
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID:
Subject: [USN-3664-2] Apport vulnerability

–QxdO4uF334hl9PqXgEuExf0359CgPX0HV
Content-Type: text/plain; charset=utf-8
Content-Language: en-CA
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-3664-2
June 04, 2018

apport vulnerability
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

Apport could be tricked into causing a denial of service or escalate
privileges.

Software Description:
– apport: automatically generate crash reports for debugging

Details:

USN-3664-1 fixed a vulnerability in Apport. Sander Bos reported that Ubun=
tu
14.04 LTS was also vulnerable to this issue, but was incorrectly omitted
from the previous updates. This update provides the corresponding update
for Ubuntu 14.04 LTS.

Original advisory details:

Sander Bos discovered that Apport incorrectly handled core dumps when
certain files are missing from /proc. A local attacker could possibly us=
e
this issue to cause a denial of service, gain root privileges, or escape=

from containers.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
apport 2.14.1-0ubuntu3.29

In general, a standard system update will make all the necessary changes.=

References:
https://usn.ubuntu.com/usn/usn-3664-2
https://usn.ubuntu.com/usn/usn-3664-1
CVE-2018-6552

Package Information:
https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.29

–QxdO4uF334hl9PqXgEuExf0359CgPX0HV–

–fT41pwsqT03GSAx8e7vmbAH0GZMsQSJP9
Content-Type: application/pgp-signature; name=”signature.asc”
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename=”signature.asc”

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlsVe8sACgkQZWnYVadE
vpMtLQ//cX4KN1fqUJCf2my/trO7ldXXTWqoBoJZWdUpREOgz/ugggnAeYQJEEQ0
HlaCJkOk6TU4MfwW7vkAsbErdQM6eLXEgN2MLIFZpjTvk9KA/PKqmzZ5wmmlX1Jm
0VeibY8xnHTphSq4hnScYA4GXoO7SkLfGcw4ug73gt+yfLfp0zS1jsJfH6WrPqYB
gkQS+AUzIptovstKkaFpmpLM+/x+wi1dZn+T2pBJ0baOWoqq3WuydjUP5kp9io/b
+bXqaySGKzG74pmk2iV3z72aOw1e49r/rR1QFoAHLREncANqCxRANW/dmV0BLOXP
tOIsg5TRZYiYFt8EJ4LU3qhTbQYMzWmBxPRHwcrhoGR9TxFNgtf06xpyeTIxrKUs
EtuxYxj/WC7hcsrwxl3p3AEP8+ggiA2Zf/CRuMsTevQoSPPaAJPXTvA8XBAluK1m
6W/qmYfgh2KsU5LiEOwMb20kUAhht56d6RmZMIUlw10kdv50z3kFW5DR4Ii+3d8c
o7luUB4kVKHkbei1f1OWaJ2r+nIECPL0ZREFprwm3K5FWqc80YNbaCDHlBpy9+J/
fpkvxmzesC6m5vnSyjVqSU7RBZlZHPpG7FYy+iKE+7ziTB9s56qqjQZxxwLhp4ot
6/t7JOosSXheXPFth9Tk5xHiDPfeYbuYIAInpZu6mm8fyAfGHCs=
=I8Rm
—–END PGP SIGNATURE—–

–fT41pwsqT03GSAx8e7vmbAH0GZMsQSJP9–

–===============8939634362779505964==
Content-Type: text/plain; charset=”utf-8″
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

–===============8939634362779505964==–