USN-2609-1: Apport vulnerabilities
21 May 2015
Apport could be tricked into creating arbitrary files as an administrator, resulting in privilege escalation.
- apport - automatically generate crash reports for debugging
Sander Bos discovered that Apport incorrectly handled permissions when
the system was configured to generate core dumps for setuid binaries. A
local attacker could use this issue to gain elevated privileges.
Philip Pettersson discovered that Apport contained race conditions
resulting core dumps to be generated with incorrect permissions in
arbitrary locations. A local attacker could use this issue to gain elevated
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.