PublicDateAtUSN: 2017-11-15 19:00:00
Candidate: CVE-2017-14180
CRD: 2017-11-15 19:00:00
PublicDate: 2018-02-02 14:29:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14180
 http://www.sbosnet.nl/
 https://ubuntu.com/security/notices/USN-3480-1
 https://ubuntu.com/security/notices/USN-3480-2
Description:
 Apport 2.13 through 2.20.7 does not properly handle crashes originating
 from a PID namespace allowing local users to create certain files as root
 which an attacker could leverage to perform a denial of service via
 resource exhaustion or possibly gain root privileges, a different
 vulnerability than CVE-2017-14179.
Ubuntu-Description: 
Notes: 
Bugs: 
 https://launchpad.net/bugs/1726372
Priority: high
Discovered-by: Sander Bos
Assigned-to: tyhicks
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_apport:
 upstream: https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171
upstream_apport: released (2.20.8)
precise/esm_apport: DNE
trusty_apport: released (2.14.1-0ubuntu3.27)
trusty/esm_apport: released (2.14.1-0ubuntu3.27)
xenial_apport: released (2.20.1-0ubuntu2.12)
esm-infra/xenial_apport: released (2.20.1-0ubuntu2.12)
zesty_apport: released (2.20.4-0ubuntu4.7)
artful_apport: released (2.20.7-0ubuntu3.4)
devel_apport: released (2.20.8-0ubuntu1)