Login
Newsletter
Werbung

Sicherheit: Ausführen von Code mit höheren Privilegien in Apport
Aktuelle Meldungen Distributionen
Name: Ausführen von Code mit höheren Privilegien in Apport
ID: USN-3664-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS, Ubuntu 17.10, Ubuntu 18.04 LTS
Datum: Do, 31. Mai 2018, 09:11
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6552
Applikationen: Apport

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============3945925638577283743==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="ew0WqJoG7R9fAHa8kJMmwR6JHwsPv4DEm"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--ew0WqJoG7R9fAHa8kJMmwR6JHwsPv4DEm
Content-Type: multipart/mixed;
boundary="MVuqO8KieDduGFkoRY9x6skluKyi1Bjk5";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <e3c55c38-6327-d4e6-1a90-36fbf2b3937d@canonical.com>
Subject: [USN-3664-1] Apport vulnerability

--MVuqO8KieDduGFkoRY9x6skluKyi1Bjk5
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3664-1
May 30, 2018

apport vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS

Summary:

Apport could be tricked into causing a denial of service or escalate
privileges.

Software Description:
- apport: automatically generate crash reports for debugging

Details:

Sander Bos discovered that Apport incorrectly handled core dumps when
certain files are missing from /proc. A local attacker could possibly use
this issue to cause a denial of service, gain root privileges, or escape
from containers.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
apport 2.20.9-0ubuntu7.1

Ubuntu 17.10:
apport 2.20.7-0ubuntu3.9

Ubuntu 16.04 LTS:
apport 2.20.1-0ubuntu2.18

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3664-1
CVE-2018-6552

Package Information:
https://launchpad.net/ubuntu/+source/apport/2.20.9-0ubuntu7.1
https://launchpad.net/ubuntu/+source/apport/2.20.7-0ubuntu3.9
https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.18


--MVuqO8KieDduGFkoRY9x6skluKyi1Bjk5--

--ew0WqJoG7R9fAHa8kJMmwR6JHwsPv4DEm
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlsPDJUACgkQZWnYVadE
vpNCsg//Utm24BHsajNg2JPn2HLw/ADRWyTk1sAj4eQ47lh2rRTTfMYiY1GiDJEX
vS7W7uEDMUrGr0jN9VobfisIPH/+qTpGccls2xJer2SeUC83Egd2yPv7W+/sPmUQ
aWzMqtM8slioADQCH2oSY4YEpcDJNJvLpSn8A2eSPAHvYXve4vuE/Sg+5PmEx0kb
iozgXFUt8AH3Lj6M9dm9FC6Q8KN1TIGgu4Nu5YbLyPfYBNFPBlCNENSdmZ/+AqWq
kDzaE8MHYWwL+FbGp9ndhsG98YYz1e5S0pSE6JDaXVMGx8GBaCtb7TaSSTZKNmdH
9ZPhyl5q3sEzvSXPuri7xx8A6UtidwlyLq8FfAMaHtITGlm8SMHKBquazkCjFtNC
jOQ7rJiB2VmyPWiOq+tgpYjf7aNN1H3Xyfj5xFz2YipGNYuvHtkd1BUrSEC2n/Nb
YwBM9FvnCW8Jqc6pY5NO27V8rzK2DD+IL5H84RGJobI68Bpu+w0X2lz4G2rteIMD
qpGGXXSl3TvOgxQGQpwhXvpbmFVdRbCaddLv+4Y2dIktl3MDlt8WIwZfoV4+sQj/
fA2lkDdTBjijDxHbTHU1/82jZ6v1Cs/lcpX9uo0PrxpHEWzWuwdPZvMp7ojGEGj+
I9ZR6py/IkY5JAZO5EaRD2UfOv1FWquv/4TAU+hSyQsMIIRNzkQ=
=Tb48
-----END PGP SIGNATURE-----

--ew0WqJoG7R9fAHa8kJMmwR6JHwsPv4DEm--


--===============3945925638577283743==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============3945925638577283743==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung