drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Apport
Name: |
Ausführen beliebiger Kommandos in Apport |
|
ID: |
USN-3354-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 16.10, Ubuntu 17.04 |
|
Datum: |
Di, 18. Juli 2017, 22:35 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10708 |
|
Applikationen: |
Apport |
|
Originalnachricht |
--===============3759729003862448227== Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-YHhatApbezX+aqGE7cCw"
--=-YHhatApbezX+aqGE7cCw Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-3354-1 July 18, 2017
apport vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04 - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
An attacker could trick a user into opening a malicious .crash file and execute arbitrary code as the user.
Software Description: - apport: automatically generate crash reports for debugging
Details:
Felix Wilhelm discovered a path traversal vulnerability in Apport when handling the ExecutablePath field in crash files. An attacker could trick a user into opening a specially crafted crash file and execute arbitrary code with the user's privileges.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: apport 2.20.4-0ubuntu4.5 python-apport 2.20.4-0ubuntu4.5 python3-apport 2.20.4-0ubuntu4.5
Ubuntu 16.10: apport 2.20.3-0ubuntu8.7 python-apport 2.20.3-0ubuntu8.7 python3-apport 2.20.3-0ubuntu8.7
Ubuntu 16.04 LTS: apport 2.20.1-0ubuntu2.10 python-apport 2.20.1-0ubuntu2.10 python3-apport 2.20.1-0ubuntu2.10
Ubuntu 14.04 LTS: apport 2.14.1-0ubuntu3.25 python-apport 2.14.1-0ubuntu3.25 python3-apport 2.14.1-0ubuntu3.25
In general, a standard system update will make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3354-1 CVE-2017-10708
Package Information: https://launchpad.net/ubuntu/+source/apport/2.20.4-0ubuntu4.5 https://launchpad.net/ubuntu/+source/apport/2.20.3-0ubuntu8.7 https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.10 https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.25
|
|
|
|