USN-3354-1: Apport vulnerability
18 July 2017
An attacker could trick a user into opening a malicious .crash file and execute arbitrary code as the user.
- apport - automatically generate crash reports for debugging
Felix Wilhelm discovered a path traversal vulnerability in Apport
when handling the ExecutablePath field in crash files. An attacker
could trick a user into opening a specially crafted crash file and
execute arbitrary code with the user's privileges.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.