ESB-2017.2910.2 - UPDATE [Ubuntu] apport: Multiple vulnerabilities 2017-11-21


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2017.2910.2
                          Apport vulnerabilities
                             21 November 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           apport
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Root Compromise   -- Existing Account
                   Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-14180 CVE-2017-14177 

Original Bulletin: 
   http://www.ubuntu.com/usn/usn-3480-1
   http://www.ubuntu.com/usn/usn-3480-2

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Ubuntu. It is recommended that administrators 
         running apport check for an updated version of the software for 
         their operating system.

Revision History:  November 21 2017: New update to fix regression from previous fix
                   November 16 2017: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

==========================================================================
Ubuntu Security Notice USN-3480-2
November 20, 2017

apport regressions
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- - Ubuntu 17.10
- - Ubuntu 17.04
- - Ubuntu 16.04 LTS

Summary:

USN-3480-1 introduced regressions in Apport.

Software Description:
- - apport: automatically generate crash reports for debugging

Details:

USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177
introduced a regression in the ability to handle crashes for users that
configured their systems to use the Upstart init system in Ubuntu 16.04
LTS and Ubuntu 17.04. The fix for CVE-2017-14180 temporarily disabled
crash forwarding to containers. This update addresses the problems.

We apologize for the inconvenience.

Original advisory details:

 Sander Bos discovered that Apport incorrectly handled core dumps for setuid
 binaries. A local attacker could use this issue to perform a denial of service
 via resource exhaustion or possibly gain root privileges. (CVE-2017-14177)

 Sander Bos discovered that Apport incorrectly handled core dumps for processes
 in a different PID namespace. A local attacker could use this issue to perform
 a denial of service via resource exhaustion or possibly gain root privileges.
 (CVE-2017-14180)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  apport                          2.20.7-0ubuntu3.5

Ubuntu 17.04:
  apport                          2.20.4-0ubuntu4.8

Ubuntu 16.04 LTS:
  apport                          2.20.1-0ubuntu2.13

In general, a standard system update will make all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3480-2
  https://www.ubuntu.com/usn/usn-3480-1
  https://launchpad.net/bugs/1726372, https://launchpad.net/bugs/1732518

Package Information:
  https://launchpad.net/ubuntu/+source/apport/2.20.7-0ubuntu3.5
  https://launchpad.net/ubuntu/+source/apport/2.20.4-0ubuntu4.8
  https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.13


==========================================================================
Ubuntu Security Notice USN-3480-1
November 15, 2017

apport vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- - Ubuntu 17.10
- - Ubuntu 17.04
- - Ubuntu 16.04 LTS
- - Ubuntu 14.04 LTS

Summary:

Apport could be tricked into creating files as an administrator, resulting in
denial of service or privilege escalation.

Software Description:
- - apport: automatically generate crash reports for debugging

Details:

Sander Bos discovered that Apport incorrectly handled core dumps for setuid
binaries. A local attacker could use this issue to perform a denial of service
via resource exhaustion or possibly gain root privileges. (CVE-2017-14177)

Sander Bos discovered that Apport incorrectly handled core dumps for processes
in a different PID namespace. A local attacker could use this issue to perform
a denial of service via resource exhaustion or possibly gain root privileges.
(CVE-2017-14180)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  apport                          2.20.7-0ubuntu3.4

Ubuntu 17.04:
  apport                          2.20.4-0ubuntu4.7

Ubuntu 16.04 LTS:
  apport                          2.20.1-0ubuntu2.12

Ubuntu 14.04 LTS:
  apport                          2.14.1-0ubuntu3.27

In general, a standard system update will make all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3480-1
  CVE-2017-14177, CVE-2017-14180

Package Information:
  https://launchpad.net/ubuntu/+source/apport/2.20.7-0ubuntu3.4
  https://launchpad.net/ubuntu/+source/apport/2.20.4-0ubuntu4.7
  https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.12
  https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.27

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
