USN-2744-1: Apport vulnerability
24 September 2015
Apport could be made to crash or overwrite files as an administrator.
Releases
Packages
- apport - automatically generate crash reports for debugging
Details
Halfdog discovered that Apport incorrectly handled kernel crash dump files.
A local attacker could use this issue to cause a denial of service, or
possibly elevate privileges. The default symlink protections for affected
releases should reduce the vulnerability to a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04
Ubuntu 14.04
Ubuntu 12.04
In general, a standard system update will make all the necessary changes.