[ubuntu/zesty-updates] apport 2.20.4-0ubuntu4.7 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Nov 15 20:28:16 UTC 2017
apport (2.20.4-0ubuntu4.7) zesty-security; urgency=medium

  * SECURITY UPDATE: Denial of service via resource exhaustion and
    privilege escalation when handling crashes of tainted processes
    (LP: #1726372)
    - When /proc/sys/fs/suid_dumpable is set to 2, do not assume that
      the user and group owning the /proc/<PID>/stat file is the same
      user and group that started the process. Rather check the dump
      mode of the crashed process and do not write a core file if its
      value is 2. Thanks to Sander Bos for discovering this issue!
    - CVE-2017-14177
  * SECURITY UPDATE: Denial of service via resource exhaustion,
    privilege escalation, and possible container escape when handling
    crashes of processes inside PID namespaces (LP: #1726372)
    - Change the method for determining if a crash is from a container
      so that there are no false positives from software using PID
      namespaces. Additionally, disable container crash forwarding by
      ignoring crashes that occur in a PID namespace. This functionality
      may be re-enabled in a future update. Thanks to Sander Bos for
      discovering this issue!
    - CVE-2017-14180

Date: 2017-11-14 22:56:16.700452+00:00
Changed-By: Brian Murray <brian at ubuntu.com>
Maintainer: Martin Pitt <martin.pitt at ubuntu.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/apport/2.20.4-0ubuntu4.7
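
An added example, not part of the original announcement and not apport's own code: one way a core_pattern pipe handler could apply the two checks the changelog describes (ignore crashes from another PID namespace, write no core file for dump mode 2). It assumes the handler is given the dump mode (the kernel's %d specifier) and the host-side PID (%P); the function names and the fake /proc tree are hypothetical.

```python
import os
import tempfile

SUID_DUMP_USER = 1  # ordinary dumpable process
SUID_DUMP_ROOT = 2  # tainted (e.g. setuid) process under suid_dumpable=2


def same_pid_namespace(pid, proc_root="/proc"):
    """True only if pid's PID namespace link equals the handler's own."""
    try:
        theirs = os.readlink(os.path.join(proc_root, str(pid), "ns", "pid"))
        ours = os.readlink(os.path.join(proc_root, "self", "ns", "pid"))
    except OSError:
        return False  # cannot prove a match: fail closed
    return theirs == ours


def core_dump_decision(pid, dump_mode, proc_root="/proc"):
    """Return (action, reason) for a crash handed to the pipe handler."""
    if not same_pid_namespace(pid, proc_root):
        return ("ignore", "crash is in a different PID namespace")
    mode = int(dump_mode)
    if mode == SUID_DUMP_ROOT:
        # Do not infer the real user from who owns /proc/<pid>/stat.
        return ("no-core", "dump mode 2: do not write a core file")
    if mode != SUID_DUMP_USER:
        # Assumption of this example: unknown modes are refused as well.
        return ("no-core", "unexpected dump mode %d" % mode)
    return ("write-core", "dump mode 1 in the handler's PID namespace")


def build_fake_proc(entries):
    """Constructed stand-in for /proc: {dir name: namespace link text}."""
    root = tempfile.mkdtemp()
    for name, ns in entries.items():
        os.makedirs(os.path.join(root, name, "ns"))
        os.symlink(ns, os.path.join(root, name, "ns", "pid"))
    return root


if __name__ == "__main__":
    # Constructed sample data, not taken from a real system.
    root = build_fake_proc({"self": "pid:[4026531836]",
                            "100": "pid:[4026531836]",
                            "200": "pid:[4026532999]"})
    for pid, mode in ((100, 1), (100, 2), (200, 1)):
        print(pid, mode, core_dump_decision(pid, mode, root))
```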