Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 476
Alerts This Week
Warning Icon 1 476

Ubuntu 15.04: USN-2609-1 Critical: Apport Privilege Escalation

ubuntu
Calendar Grey May 21, 2015
Dist Ubuntu Esm H88
=========================================================================Ubuntu Security Notice USN-
Apport could be tricked into creating arbitrary files as an administrator, resulting in privilege escalation.

Summary

Apport could be tricked into creating arbitrary files as an administrator,

resulting in privilege escalation.

Software Description:

- apport: automatically generate crash reports for debugging

Details:

Sander Bos discovered that Apport incorrectly handled permissions when

the system was configured to generate core dumps for setuid binaries. A

local attacker could use this issue to gain elevated privileges.

(CVE-2015-1324)

Philip Pettersson discovered that Apport contained race conditions

resulting core dumps to be generated with incorrect permissions in

arbitrary locations. A local attacker could use this issue to gain elevated

privileges. (CVE-2015-1325)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  apport                          2.17.2-0ubuntu1.1

Ubuntu 14.10:
  apport                          2.14.7-0ubuntu8.5

Ubuntu 14.04 LTS:
  apport                          2.14.1-0ubuntu3.11

Ubuntu 12.04 LTS:
  apport                          2.0.1-0ubuntu17.9

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2609-1

CVE-2015-1324, CVE-2015-1325

Severity
critical
Lowest
Low
Medium
High
Critical

May 21, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.