An attacker could trick a user into opening a malicious .crash file
and execute arbitrary code as the user.
Software Description:
- apport: automatically generate crash reports for debugging
Details:
Felix Wilhelm discovered a path traversal vulnerability in Apport
when handling the ExecutablePath field in crash files. An attacker
could trick a user into opening a specially crafted crash file and
execute arbitrary code with the user's privileges.
The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: apport 2.20.4-0ubuntu4.5 python-apport 2.20.4-0ubuntu4.5 python3-apport 2.20.4-0ubuntu4.5 Ubuntu 16.10: apport 2.20.3-0ubuntu8.7 python-apport 2.20.3-0ubuntu8.7 python3-apport 2.20.3-0ubuntu8.7 Ubuntu 16.04 LTS: apport 2.20.1-0ubuntu2.10 python-apport 2.20.1-0ubuntu2.10 python3-apport 2.20.1-0ubuntu2.10 Ubuntu 14.04 LTS: apport 2.14.1-0ubuntu3.25 python-apport 2.14.1-0ubuntu3.25 python3-apport 2.14.1-0ubuntu3.25 In general, a standard system update will make all the necessary changes.
CVE-2017-10708
Get the latest Linux and open source security news straight to your inbox.