[ubuntu/zesty-security] apport 2.20.4-0ubuntu4.7 (Accepted)
Tyler Hicks
tyhicks at canonical.com
Wed Nov 15 18:56:29 UTC 2017
apport (2.20.4-0ubuntu4.7) zesty-security; urgency=medium
* SECURITY UPDATE: Denial of service via resource exhaustion and
privilege escalation when handling crashes of tainted processes
(LP: #1726372)
- When /proc/sys/fs/suid_dumpable is set to 2, do not assume that
the user and group owning the /proc/<PID>/stat file is the same
user and group that started the process. Rather check the dump
mode of the crashed process and do not write a core file if its
value is 2. Thanks to Sander Bos for discovering this issue!
- CVE-2017-14177
* SECURITY UPDATE: Denial of service via resource exhaustion,
privilege escalation, and possible container escape when handling
crashes of processes inside PID namespaces (LP: #1726372)
- Change the method for determining if a crash is from a container
so that there are no false positives from software using PID
namespaces. Additionally, disable container crash forwarding by
ignoring crashes that occur in a PID namespace. This functionality
may be re-enabled in a future update. Thanks to Sander Bos for
discovering this issue!
- CVE-2017-14180
Date: 2017-11-14 22:56:16.700452+00:00
Changed-By: Brian Murray <brian at ubuntu.com>
Maintainer: Martin Pitt <martin.pitt at ubuntu.com>
Signed-By: Tyler Hicks <tyhicks at canonical.com>
https://launchpad.net/ubuntu/+source/apport/2.20.4-0ubuntu4.7
-------------- next part --------------
Sorry, changesfile not available.
More information about the Zesty-changes
mailing list