ESB-2017.1773 - [Ubuntu] apport: Execute arbitrary code/commands - Remote with user interaction 2017-07-20


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1773
                           Apport vulnerability
                               20 July 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           apport
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-10708  

Original Bulletin: 
   http://www.ubuntu.com/usn/usn-3354-1

--------------------------BEGIN INCLUDED TEXT--------------------

==========================================================================
Ubuntu Security Notice USN-3354-1
July 18, 2017

apport vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

An attacker could trick a user into opening a malicious .crash file
and execute arbitrary code as the user.

Software Description:
- apport: automatically generate crash reports for debugging

Details:

Felix Wilhelm discovered a path traversal vulnerability in Apport
when handling the ExecutablePath field in crash files. An attacker
could trick a user into opening a specially crafted crash file and
execute arbitrary code with the user's privileges.
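The flaw described above is a path traversal through the ExecutablePath field of a crash report: a value that begins with a trusted directory can still resolve somewhere else once ".." components are applied. The following is an added example for this bulletin, not apport's own code and not the fix Ubuntu shipped. It assumes the "Key: value" text layout of .crash files with continuation lines introduced by a single space, and it assumes an allow-list of directories (ALLOWED_PREFIXES) in which a crashing executable is expected to live; the two sample reports are constructed. The point it demonstrates is that any decision based on ExecutablePath must be taken on the normalized path, not the raw string.

```python
import posixpath

# Constructed sample reports (not taken from the bulletin). Apport's .crash
# files are "Key: value" text; continuation lines start with a single space.
BENIGN_CRASH = """ProblemType: Crash
Date: Tue Jul 18 10:00:00 2017
ExecutablePath: /usr/bin/example-app
ProcCmdline: example-app --verbose
Signal: 11
StackTrace:
 #0  0x0000000000400000 in main ()
 #1  0x0000000000400010 in _start ()
"""

TRAVERSAL_CRASH = """ProblemType: Crash
Date: Tue Jul 18 10:00:00 2017
ExecutablePath: /usr/bin/../../tmp/example
Signal: 11
"""

# Assumed allow-list of directories a crashing executable is expected to live in.
ALLOWED_PREFIXES = ("/usr/", "/bin/", "/sbin/", "/lib/", "/lib64/", "/opt/", "/snap/")


def parse_crash(text):
    """Parse the 'Key: value' report format into a dict.

    A line beginning with a space continues the previous field's value;
    any other line must contain a colon, otherwise the report is rejected."""
    fields = {}
    key = None
    for line in text.splitlines():
        if line.startswith(" ") and key is not None:
            body = line[1:]
            fields[key] = fields[key] + "\n" + body if fields[key] else body
        elif ":" in line:
            key, _, value = line.partition(":")
            key = key.strip()
            fields[key] = value.strip()
        else:
            raise ValueError("malformed report line: %r" % line)
    return fields


def executable_path_problems(path, allowed_prefixes=ALLOWED_PREFIXES):
    """Return a list of reasons the ExecutablePath value is unsafe to act on.

    The allow-list is checked against the *normalized* path, because a raw
    string such as /usr/bin/../../tmp/x starts with a trusted prefix yet
    resolves elsewhere."""
    if not path:
        return ["empty"]
    problems = []
    if "\x00" in path or "\n" in path:
        problems.append("contains control characters")
    if not path.startswith("/"):
        problems.append("not absolute")
    parts = path.split("/")
    if ".." in parts:
        problems.append("contains '..' component")
    if "." in parts:
        problems.append("contains '.' component")
    normalized = posixpath.normpath(path)
    if normalized != path:
        # Also catches doubled slashes and trailing slashes.
        problems.append("not in normalized form")
    if not any(normalized.startswith(p) for p in allowed_prefixes):
        problems.append("resolves outside expected system directories")
    return problems


def check_crash(text):
    """Parse a report and return (executable_path, problems)."""
    fields = parse_crash(text)
    path = fields.get("ExecutablePath", "")
    return path, executable_path_problems(path)


if __name__ == "__main__":
    for name, report in (("benign", BENIGN_CRASH), ("traversal", TRAVERSAL_CRASH)):
        path, problems = check_crash(report)
        print(name, path, problems or "ok")
```

Run stand-alone, the benign report passes and the second report is flagged twice: once for the literal ".." component and once because its normalized form, /tmp/example, lies outside the allow-list. The second check is the important one; a string prefix test on the raw value would have accepted it.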

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  apport                          2.20.4-0ubuntu4.5
  python-apport                   2.20.4-0ubuntu4.5
  python3-apport                  2.20.4-0ubuntu4.5

Ubuntu 16.10:
  apport                          2.20.3-0ubuntu8.7
  python-apport                   2.20.3-0ubuntu8.7
  python3-apport                  2.20.3-0ubuntu8.7

Ubuntu 16.04 LTS:
  apport                          2.20.1-0ubuntu2.10
  python-apport                   2.20.1-0ubuntu2.10
  python3-apport                  2.20.1-0ubuntu2.10

Ubuntu 14.04 LTS:
  apport                          2.14.1-0ubuntu3.25
  python-apport                   2.14.1-0ubuntu3.25
  python3-apport                  2.14.1-0ubuntu3.25

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3354-1
  CVE-2017-10708

Package Information:
  https://launchpad.net/ubuntu/+source/apport/2.20.4-0ubuntu4.5
  https://launchpad.net/ubuntu/+source/apport/2.20.3-0ubuntu8.7
  https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.10
  https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.25

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
