[USN-3748-1] base-files vulnerability


This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
–===============8779610269571458580==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol=”application/pgp-signature”;
boundary=”pAxyHw1zBDB820lYNEbNVyRC4i6o8jyEg”

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
–pAxyHw1zBDB820lYNEbNVyRC4i6o8jyEg
Content-Type: multipart/mixed; boundary=”vRYBZeTIXYoEoH0mtb9cCgkpVOhEGHrNH”;
protected-headers=”v1″
From: Marc Deslauriers
Reply-To: Ubuntu Security
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID:
Subject: [USN-3748-1] base-files vulnerability

–vRYBZeTIXYoEoH0mtb9cCgkpVOhEGHrNH
Content-Type: text/plain; charset=utf-8
Content-Language: en-CA
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-3748-1
August 21, 2018

base-files vulnerability
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

base-files could be made to hang or overwrite files as the administrator.=

Software Description:
– base-files: Debian base system miscellaneous files

Details:

Sander Bos discovered that the MOTD update script incorrectly handled
temporary files. A local attacker could use this issue to cause a denial =
of
service, or possibly escalate privileges if kernel symlink restrictions
were disabled.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
base-files 10.1ubuntu2.2

In general, a standard system update will make all the necessary changes.=

References:
https://usn.ubuntu.com/usn/usn-3748-1
CVE-2018-6557

Package Information:
https://launchpad.net/ubuntu/+source/base-files/10.1ubuntu2.2

–vRYBZeTIXYoEoH0mtb9cCgkpVOhEGHrNH–

–pAxyHw1zBDB820lYNEbNVyRC4i6o8jyEg
Content-Type: application/pgp-signature; name=”signature.asc”
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename=”signature.asc”

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlt8FbsACgkQZWnYVadE
vpMxyw/9Fn0D/yviss7G7nSLSPPcnzB//d6ANyNdfdg4DmKD/e5BBeyUie25Ij2B
3t5FFhvjfsNGkvIolwVUw0hwB9vDBpVyK7E+r20rEZlHr/ARDv5Gr46rDRU3G8lp
4r4K2QdJU53mOYf9iTHkG7c67ZqZbZSdztIX+TtBRDE7kW24bmELnYLVR8GVU7Vb
IU7yWOEWQ4kNSI28D1DkgzRTkLtnxIMPGFYcqFOwjnWT6uD3PXRYdYBP1rv5zxL4
YOW5kOjGPbw1IrShelUh5cul2dI/6Y9YAIajbcndoQmGrbXZNhBw+7kDpSarwDAA
3R+zcP/0/2+WMqYXd8MQfCazwvHtJ64FSplHTk4BQgYn9xwHgbsIqgBgwuUdXyL0
2C/2FSHD+6HoSOErBfdng1DcIzNEr6mK+Sfd6ijkXWHreEkxa1eBJSdURAmoCcgB
1XuNbnhRA6Vq1OR0JGdQAwdyX8zgWTaF+M/hcWpFyINNfv/bbn55JFgpW+2E2y+J
Dij3wmiRXkXkBo8ywd3zdb2G52o4wB8g9ncwUd3ZEDYBal6+8FVIBtbjI7undd2q
e0FRw/EycsGfURQtCyb4RoZ1AA61swCb1ZQN/BT23ppKTkaulo/kf86i2wHjpZ6b
0GM3xesESiNNud2wAkJnlaQSWMN0hx5lUciD/Vin5/Fwek0rhBA=
=Hbc0
—–END PGP SIGNATURE—–

–pAxyHw1zBDB820lYNEbNVyRC4i6o8jyEg–

–===============8779610269571458580==
Content-Type: text/plain; charset=”utf-8″
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

–===============8779610269571458580==–