ESB-2017.2910.3 - UPDATE [Ubuntu] apport: Multiple vulnerabilities 2018-01-05

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2017.2910.3
                          Apport vulnerabilities
                              5 January 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           apport
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Root Compromise   -- Existing Account
                   Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-14180 CVE-2017-14177 

Original Bulletin: 
   http://www.ubuntu.com/usn/usn-3480-1
   http://www.ubuntu.com/usn/usn-3480-2
   http://www.ubuntu.com/usn/usn-3480-3

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Ubuntu. It is recommended that administrators 
         running apport check for an updated version of the software for 
         their operating system.

Revision History:  January   5 2018: New update to fix regression from previous
                                     regression fix
                   November 21 2017: New update to fix regression from previous fix
                   November 16 2017: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

==========================================================================
Ubuntu Security Notice USN-3480-3
January 03, 2018

apport regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- - Ubuntu 17.10
- - Ubuntu 17.04
- - Ubuntu 16.04 LTS

Summary:

USN-3480-2 introduced regressions in Apport.

Software Description:
- - apport: automatically generate crash reports for debugging

Details:

USN-3480-2 fixed regressions in Apport. The update introduced a new
regression in the container support. This update addresses the problem.

We apologize for the inconvenience.

Original advisory details:

 Sander Bos discovered that Apport incorrectly handled core dumps for
 setuid binaries. A local attacker could use this issue to perform a
 denial of service via resource exhaustion or possibly gain root
 privileges. (CVE-2017-14177)

 Sander Bos discovered that Apport incorrectly handled core dumps for
 processes in a different PID namespace. A local attacker could use
 this issue to perform a denial of service via resource exhaustion or
 possibly gain root privileges. (CVE-2017-14180)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  apport                          2.20.7-0ubuntu3.7

Ubuntu 17.04:
  apport                          2.20.4-0ubuntu4.10

Ubuntu 16.04 LTS:
  apport                          2.20.1-0ubuntu2.15

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3480-3
  https://www.ubuntu.com/usn/usn-3480-1
  https://launchpad.net/bugs/1733366

Package Information:
  https://launchpad.net/ubuntu/+source/apport/2.20.7-0ubuntu3.7
  https://launchpad.net/ubuntu/+source/apport/2.20.4-0ubuntu4.10
  https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.15

==========================================================================
Ubuntu Security Notice USN-3480-2
November 20, 2017

apport regressions
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- - Ubuntu 17.10
- - Ubuntu 17.04
- - Ubuntu 16.04 LTS

Summary:

USN-3480-1 introduced regressions in Apport.

Software Description:
- - apport: automatically generate crash reports for debugging

Details:

USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177
introduced a regression in the ability to handle crashes for users that
configured their systems to use the Upstart init system in Ubuntu 16.04
LTS and Ubuntu 17.04. The fix for CVE-2017-14180 temporarily disabled
crash forwarding to containers. This update addresses the problems.

We apologize for the inconvenience.

Original advisory details:

 Sander Bos discovered that Apport incorrectly handled core dumps for setuid
 binaries. A local attacker could use this issue to perform a denial of service
 via resource exhaustion or possibly gain root privileges. (CVE-2017-14177)

 Sander Bos discovered that Apport incorrectly handled core dumps for processes
 in a different PID namespace. A local attacker could use this issue to perform
 a denial of service via resource exhaustion or possibly gain root privileges.
 (CVE-2017-14180)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  apport                          2.20.7-0ubuntu3.5

Ubuntu 17.04:
  apport                          2.20.4-0ubuntu4.8

Ubuntu 16.04 LTS:
  apport                          2.20.1-0ubuntu2.13

In general, a standard system update will make all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3480-2
  https://www.ubuntu.com/usn/usn-3480-1
  https://launchpad.net/bugs/1726372, https://launchpad.net/bugs/1732518

Package Information:
  https://launchpad.net/ubuntu/+source/apport/2.20.7-0ubuntu3.5
  https://launchpad.net/ubuntu/+source/apport/2.20.4-0ubuntu4.8
  https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.13


==========================================================================
Ubuntu Security Notice USN-3480-1
November 15, 2017

apport vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- - Ubuntu 17.10
- - Ubuntu 17.04
- - Ubuntu 16.04 LTS
- - Ubuntu 14.04 LTS

Summary:

Apport could be tricked into creating files as an administrator, resulting in
denial of service or privilege escalation.

Software Description:
- - apport: automatically generate crash reports for debugging

Details:

Sander Bos discovered that Apport incorrectly handled core dumps for setuid
binaries. A local attacker could use this issue to perform a denial of service
via resource exhaustion or possibly gain root privileges. (CVE-2017-14177)

Sander Bos discovered that Apport incorrectly handled core dumps for processes
in a different PID namespace. A local attacker could use this issue to perform
a denial of service via resource exhaustion or possibly gain root privileges.
(CVE-2017-14180)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  apport                          2.20.7-0ubuntu3.4

Ubuntu 17.04:
  apport                          2.20.4-0ubuntu4.7

Ubuntu 16.04 LTS:
  apport                          2.20.1-0ubuntu2.12

Ubuntu 14.04 LTS:
  apport                          2.14.1-0ubuntu3.27

In general, a standard system update will make all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3480-1
  CVE-2017-14177, CVE-2017-14180

Package Information:
  https://launchpad.net/ubuntu/+source/apport/2.20.7-0ubuntu3.4
  https://launchpad.net/ubuntu/+source/apport/2.20.4-0ubuntu4.7
  https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.12
  https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.27

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWk7S7ox+lLeg9Ub1AQjXKRAAldqPJURyLf5UBEQoFgROvuD0fwXS6ZCI
Rkxbay2ljpDsMkO13Vez8RkeDoU/BXQNHKrAgah0VSt9YPF2dei3ri0tCvtbNMpv
1JTTGY1BFQPBR7IXPIEcKavuI3eFtjNBhSx6VJXtpokoEy+N7qNvjJ69Ed/I65uw
WpalQOvouwpI6g8DDbkmFs29hYIdTSycOm56rnsQO//XFctliLx2BbjCJTENZiBh
1iKb0kjGQP0GqxRWVILfu6CiM63Pcz65xkV8tx/QfAdA64sWIwNg+3pQy4rLL/+L
WtzWsdaJS6PpZcKbpjlHmJgCQVzrqU9HoGMnMhKAOdmhVPepyNeOgC4XB4rB6a/k
UfYLTHSfne6INivMqopA6EIn+/Qk0/kJWDaiSVf2qWJNe7MngDEvM23RRiR0oA2D
WoPVRnwcrYeBsa8lRaNRt5VmBlW4acebevJo1vMSGXHFdYdgadSiWIV1AIfh7jua
9dSTnfdmP6sRfQ/Yz9AlKjiwDS6PsbNakmG3NM9QLdoAtCel9f3Y2R33Ifp8Xk3L
tGKws3KXxZHtJEqImhfPZkCN69LBou+GykFn4XWE9ZfacPdEPH4sibE0rL5NwDNO
yMqFkVx0s4VXHbCm9JmRTla7yQXdZfAOVMuzlu1xLqHhYzt6j2LbOZC0I5BbxpmB
ehneNuf7iik=
=ptf3
-----END PGP SIGNATURE-----

« Back to bulletins