* SECURITY UPDATE: Denial of service via resource exhaustion and
privilege escalation when handling crashes of tainted processes
(LP: #1726372)
- When /proc/sys/fs/suid_dumpable is set to 2, do not assume that
the user and group owning the /proc/<PID>/stat file is the same
user and group that started the process. Rather check the dump
mode of the crashed process and do not write a core file if its
value is 2. Thanks to Sander Bos for discovering this issue!
- CVE-2017-14177
* SECURITY UPDATE: Denial of service via resource exhaustion,
privilege escalation, and possible container escape when handling
crashes of processes inside PID namespaces (LP: #1726372)
- Change the method for determining if a crash is from a container
so that there are no false positives from software using PID
namespaces. Additionally, disable container crash forwarding by
ignoring crashes that occur in a PID namespace. This functionality
may be re-enabled in a future update. Thanks to Sander Bos for
discovering this issue!
- CVE-2017-14180
-- Brian Murray <email address hidden> Thu, 09 Nov 2017 15:50:08 -0800
This bug was fixed in the package apport - 2.20.1-0ubuntu2.12
--------------- 0ubuntu2. 12) xenial-security; urgency=medium
apport (2.20.1-
* SECURITY UPDATE: Denial of service via resource exhaustion and fs/suid_ dumpable is set to 2, do not assume that
privilege escalation when handling crashes of tainted processes
(LP: #1726372)
- When /proc/sys/
the user and group owning the /proc/<PID>/stat file is the same
user and group that started the process. Rather check the dump
mode of the crashed process and do not write a core file if its
value is 2. Thanks to Sander Bos for discovering this issue!
- CVE-2017-14177
* SECURITY UPDATE: Denial of service via resource exhaustion,
privilege escalation, and possible container escape when handling
crashes of processes inside PID namespaces (LP: #1726372)
- Change the method for determining if a crash is from a container
so that there are no false positives from software using PID
namespaces. Additionally, disable container crash forwarding by
ignoring crashes that occur in a PID namespace. This functionality
may be re-enabled in a future update. Thanks to Sander Bos for
discovering this issue!
- CVE-2017-14180
-- Brian Murray <email address hidden> Thu, 09 Nov 2017 15:50:08 -0800