Ubuntu alert USN-2569-2 (apport)
| From: | Marc Deslauriers <marc.deslauriers@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-2569-2] Apport vulnerability | |
| Date: | Thu, 16 Apr 2015 13:19:48 -0400 | |
| Message-ID: | <552FEF34.40809@canonical.com> |
========================================================================== Ubuntu Security Notice USN-2569-2 April 16, 2015 apport vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS Summary: Apport could be tricked into running programs as an administrator. Software Description: - apport: automatically generate crash reports for debugging Details: USN-2569-1 fixed a vulnerability in Apport. Tavis Ormandy discovered that the fixed packages were still vulnerable to a privilege escalation attack. This update completely disables crash report handling for containers until a more complete solution is available. Original advisory details: Stéphane Graber and Tavis Ormandy independently discovered that Apport incorrectly handled the crash reporting feature. A local attacker could use this issue to gain elevated privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: apport 2.14.7-0ubuntu8.4 Ubuntu 14.04 LTS: apport 2.14.1-0ubuntu3.10 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2569-2 http://www.ubuntu.com/usn/usn-2569-1 https://launchpad.net/bugs/1444518 Package Information: https://launchpad.net/ubuntu/+source/apport/2.14.7-0ubunt... https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubunt... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...