Lucene search

K
ubuntuUbuntuUSN-3480-2
HistoryNov 20, 2017 - 12:00 a.m.

Apport regressions

2017-11-2000:00:00
ubuntu.com
29

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.1%

Releases

  • Ubuntu 17.10
  • Ubuntu 17.04
  • Ubuntu 16.04 ESM

Packages

  • apport - automatically generate crash reports for debugging

Details

USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177
introduced a regression in the ability to handle crashes for users that
configured their systems to use the Upstart init system in Ubuntu 16.04
LTS and Ubuntu 17.04. The fix for CVE-2017-14180 temporarily disabled
crash forwarding to containers. This update addresses the problems.

We apologize for the inconvenience.

Original advisory details:

Sander Bos discovered that Apport incorrectly handled core dumps for setuid
binaries. A local attacker could use this issue to perform a denial of service
via resource exhaustion or possibly gain root privileges. (CVE-2017-14177)

Sander Bos discovered that Apport incorrectly handled core dumps for processes
in a different PID namespace. A local attacker could use this issue to perform
a denial of service via resource exhaustion or possibly gain root privileges.
(CVE-2017-14180)

OSVersionArchitecturePackageVersionFilename
Ubuntu17.10noarchapport< 2.20.7-0ubuntu3.5UNKNOWN
Ubuntu17.10noarchapport-gtk< 2.20.7-0ubuntu3.5UNKNOWN
Ubuntu17.10noarchapport-kde< 2.20.7-0ubuntu3.5UNKNOWN
Ubuntu17.10noarchapport-noui< 2.20.7-0ubuntu3.5UNKNOWN
Ubuntu17.10noarchapport-retrace< 2.20.7-0ubuntu3.5UNKNOWN
Ubuntu17.10noarchapport-valgrind< 2.20.7-0ubuntu3.5UNKNOWN
Ubuntu17.10noarchdh-apport< 2.20.7-0ubuntu3.5UNKNOWN
Ubuntu17.10noarchpython-apport< 2.20.7-0ubuntu3.5UNKNOWN
Ubuntu17.10noarchpython-problem-report< 2.20.7-0ubuntu3.5UNKNOWN
Ubuntu17.10noarchpython3-apport< 2.20.7-0ubuntu3.5UNKNOWN
Rows per page:
1-10 of 331

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.1%