CVE-2017-14177

Priority
High
Description
Apport through 2.20.7 does not properly handle core dumps from setuid
binaries allowing local users to create certain files as root which an
attacker could leverage to perform a denial of service via resource
exhaustion or possibly gain root privileges. NOTE: this vulnerability
exists because of an incomplete fix for CVE-2015-1324.
References
Bugs
Assigned-to
tyhicks
Package
Upstream:released (2.20.8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (2.14.1-0ubuntu3.27)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.20.1-0ubuntu2.12)
Ubuntu 17.04 (Zesty Zapus):released (2.20.4-0ubuntu4.7)
Ubuntu 17.10 (Artful Aardvark):released (2.20.7-0ubuntu3.4)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.20.8-0ubuntu1)
Patches:
Upstream:https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171
More Information

Updated: 2017-12-15 23:14:33 UTC (commit 13914)