Lucene search

UbuntuUSN-3480-2

HistoryNov 20, 2017 - 12:00 a.m.

Apport regressions

2017-11-2000:00:00

ubuntu.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.1%

JSON

Releases

Ubuntu 17.10
Ubuntu 17.04
Ubuntu 16.04 ESM

Packages

apport - automatically generate crash reports for debugging

Details

USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177
introduced a regression in the ability to handle crashes for users that
configured their systems to use the Upstart init system in Ubuntu 16.04
LTS and Ubuntu 17.04. The fix for CVE-2017-14180 temporarily disabled
crash forwarding to containers. This update addresses the problems.

We apologize for the inconvenience.

Original advisory details:

Sander Bos discovered that Apport incorrectly handled core dumps for setuid
binaries. A local attacker could use this issue to perform a denial of service
via resource exhaustion or possibly gain root privileges. (CVE-2017-14177)

Sander Bos discovered that Apport incorrectly handled core dumps for processes
in a different PID namespace. A local attacker could use this issue to perform
a denial of service via resource exhaustion or possibly gain root privileges.
(CVE-2017-14180)

OSVersionArchitecturePackageVersionFilename
Ubuntu17.10noarchapport< 2.20.7-0ubuntu3.5UNKNOWN
Ubuntu17.10noarchapport-gtk< 2.20.7-0ubuntu3.5UNKNOWN
Ubuntu17.10noarchapport-kde< 2.20.7-0ubuntu3.5UNKNOWN
Ubuntu17.10noarchapport-noui< 2.20.7-0ubuntu3.5UNKNOWN
Ubuntu17.10noarchapport-retrace< 2.20.7-0ubuntu3.5UNKNOWN
Ubuntu17.10noarchapport-valgrind< 2.20.7-0ubuntu3.5UNKNOWN
Ubuntu17.10noarchdh-apport< 2.20.7-0ubuntu3.5UNKNOWN
Ubuntu17.10noarchpython-apport< 2.20.7-0ubuntu3.5UNKNOWN
Ubuntu17.10noarchpython-problem-report< 2.20.7-0ubuntu3.5UNKNOWN
Ubuntu17.10noarchpython3-apport< 2.20.7-0ubuntu3.5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	17.10	noarch	apport	< 2.20.7-0ubuntu3.5	UNKNOWN
Ubuntu	17.10	noarch	apport-gtk	< 2.20.7-0ubuntu3.5	UNKNOWN
Ubuntu	17.10	noarch	apport-kde	< 2.20.7-0ubuntu3.5	UNKNOWN
Ubuntu	17.10	noarch	apport-noui	< 2.20.7-0ubuntu3.5	UNKNOWN
Ubuntu	17.10	noarch	apport-retrace	< 2.20.7-0ubuntu3.5	UNKNOWN
Ubuntu	17.10	noarch	apport-valgrind	< 2.20.7-0ubuntu3.5	UNKNOWN
Ubuntu	17.10	noarch	dh-apport	< 2.20.7-0ubuntu3.5	UNKNOWN
Ubuntu	17.10	noarch	python-apport	< 2.20.7-0ubuntu3.5	UNKNOWN
Ubuntu	17.10	noarch	python-problem-report	< 2.20.7-0ubuntu3.5	UNKNOWN
Ubuntu	17.10	noarch	python3-apport	< 2.20.7-0ubuntu3.5	UNKNOWN

Rows per page:

1-10 of 331

References

launchpad.net/bugs/1726372

launchpad.net/bugs/1732518

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for USN-3480-2