CVE-2017-14180

Priority
Medium
Description
Apport 2.13 through 2.20.7 does not properly handle crashes originating
from a PID namespace allowing local users to create certain files as
root which an attacker could leverage to perform a denial of service
via resource exhaustion or possibly gain root privileges, a different
vulnerability than CVE-2017-14179.
References
Bugs
Assigned-to
tyhicks
Package
Upstream:released (2.20.8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (2.14.1-0ubuntu3.27)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.20.1-0ubuntu2.12)
Ubuntu 17.04 (Zesty Zapus):released (2.20.4-0ubuntu4.7)
Ubuntu 17.10 (Artful Aardvark):released (2.20.7-0ubuntu3.4)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.20.8-0ubuntu1)
Patches:
Upstream:https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171
More Information

Updated: 2017-12-15 23:14:33 UTC (commit 13914)