Ubuntu 17.10 USN-3480-2 Critical: Apport Regression Fix
Nov 20, 2017
•
LinuxSecurity Advisories
1 - 2 min read
USN-3480-1 introduced regressions in Apport.
=========================================================================Ubuntu Security Notice USN-3480-2 November 20, 2017 apport regressions ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 17.04 - Ubuntu 16.04 LTS Summary: USN-3480-1 introduced regressions in Apport. Software Description: - apport: automatically generate crash reports for debugging Details: USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177 introduced a regression in the ability to handle crashes for users that configured their systems to use the Upstart init system in Ubuntu 16.04 LTS and Ubuntu 17.04. The fix for CVE-2017-14180 temporarily disabled crash forwarding to containers. This update addresses the problems. We apologize for the inconvenience. Original advisory details: Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. (CVE-2017-14177) Sander Bos discovered that Apport incorrectly handled core dumps for processes in a different PID namespace. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. (CVE-2017-14180) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: apport 2.20.7-0ubuntu3.5 Ubuntu 17.04: apport 2.20.4-0ubuntu4.8 Ubuntu 16.04 LTS: apport 2.20.1-0ubuntu2.13 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-3480-2 https://ubuntu.com/security/notices/USN-3480-1 https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1726372, https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1732518 Package Information: https://launchpad.net/ubuntu/+source/apport/2.20.7-0ubuntu3.5 https://launchpad.net/ubuntu/+source/apport/2.20.4-0ubuntu4.8 https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.13
PREVIOUS
NEXT
Ubuntu 17.10 USN-3480-2 Critical: Apport Regression Fix
ubuntu
November 20, 2017
USN-3480-1 introduced regressions in Apport.
Summary
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: apport 2.20.7-0ubuntu3.5 Ubuntu 17.04: apport 2.20.4-0ubuntu4.8 Ubuntu 16.04 LTS: apport 2.20.1-0ubuntu2.13 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-3480-2
https://ubuntu.com/security/notices/USN-3480-1
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1726372, https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1732518
Severity
critical
Lowest
Low
Medium
High
Critical
November 20, 2017
Package Information
https://launchpad.net/ubuntu/+source/apport/2.20.7-0ubuntu3.5 https://launchpad.net/ubuntu/+source/apport/2.20.4-0ubuntu4.8 https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.13
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!