Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 17.04 USN-3354-1 Critical Apport Path Execution Threat

ubuntu
Calendar Grey July 18, 2017
Dist Ubuntu Esm H88
Safeguard your Ubuntu from the apport vulnerability by updating your system, checking for updates, configuring settings, and setting up a firewall
An attacker could trick a user into opening a malicious .crash fileand execute arbitrary code as the user.

Summary

An attacker could trick a user into opening a malicious .crash file

and execute arbitrary code as the user.

Software Description:

- apport: automatically generate crash reports for debugging

Details:

Felix Wilhelm discovered a path traversal vulnerability in Apport

when handling the ExecutablePath field in crash files. An attacker

could trick a user into opening a specially crafted crash file and

execute arbitrary code with the user's privileges.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  apport                          2.20.4-0ubuntu4.5
  python-apport                   2.20.4-0ubuntu4.5
  python3-apport                  2.20.4-0ubuntu4.5

Ubuntu 16.10:
  apport                          2.20.3-0ubuntu8.7
  python-apport                   2.20.3-0ubuntu8.7
  python3-apport                  2.20.3-0ubuntu8.7

Ubuntu 16.04 LTS:
  apport                          2.20.1-0ubuntu2.10
  python-apport                   2.20.1-0ubuntu2.10
  python3-apport                  2.20.1-0ubuntu2.10

Ubuntu 14.04 LTS:
  apport                          2.14.1-0ubuntu3.25
  python-apport                   2.14.1-0ubuntu3.25
  python3-apport                  2.14.1-0ubuntu3.25

In general, a standard system update will make all the necessary
changes.

References

 

  CVE-2017-10708

Severity
critical
Lowest
Low
Medium
High
Critical

July 18, 2017

Package Information

  https://launchpad.net/ubuntu/+source/apport/2.20.4-0ubuntu4.5
  https://launchpad.net/ubuntu/+source/apport/2.20.3-0ubuntu8.7
  https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.10
  https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.25

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here