USN-3664-2

USN-3664-1 fixed a vulnerability in Apport. Sander Bos reported that Ubuntu 14.04 LTS was also vulnerable to this issue, but was incorrectly omitted from the previous updates. This update provides the corresponding update for Ubuntu 14.04 LTS.

Original advisory details:

Sander Bos discovered that Apport incorrectly handled core dumps when certain files are missing from /proc. A local attacker could possibly use this issue to cause a denial of service, gain root privileges, or escape from containers.

References

Affected packages

Ubuntu:14.04:LTS / apport

Package

Name: apport
Purl: pkg:deb/ubuntu/apport@2.14.1-0ubuntu3.29?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.14.1-0ubuntu3.29

Affected versions

2.*

2.12.5-0ubuntu2

2.12.6-0ubuntu1

2.12.7-0ubuntu1

2.12.7-0ubuntu2

2.12.7-0ubuntu3

2.12.7-0ubuntu6

2.13.1-0ubuntu1

2.13.1-0ubuntu2

2.13.2-0ubuntu2

2.13.2-0ubuntu3

2.13.2-0ubuntu4

2.13.2-0ubuntu5

2.13.3-0ubuntu1

2.14-0ubuntu1

2.14.1-0ubuntu1

2.14.1-0ubuntu2

2.14.1-0ubuntu3

2.14.1-0ubuntu3.1

2.14.1-0ubuntu3.2

2.14.1-0ubuntu3.3

2.14.1-0ubuntu3.4

2.14.1-0ubuntu3.5

2.14.1-0ubuntu3.6

2.14.1-0ubuntu3.7

2.14.1-0ubuntu3.8

2.14.1-0ubuntu3.9

2.14.1-0ubuntu3.10

2.14.1-0ubuntu3.11

2.14.1-0ubuntu3.12

2.14.1-0ubuntu3.13

2.14.1-0ubuntu3.15

2.14.1-0ubuntu3.16

2.14.1-0ubuntu3.18

2.14.1-0ubuntu3.19

2.14.1-0ubuntu3.20

2.14.1-0ubuntu3.21

2.14.1-0ubuntu3.23

2.14.1-0ubuntu3.24

2.14.1-0ubuntu3.25

2.14.1-0ubuntu3.27

2.14.1-0ubuntu3.28

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.14.1-0ubuntu3.29",
            "binary_name": "apport"
        },
        {
            "binary_version": "2.14.1-0ubuntu3.29",
            "binary_name": "apport-gtk"
        },
        {
            "binary_version": "2.14.1-0ubuntu3.29",
            "binary_name": "apport-kde"
        },
        {
            "binary_version": "2.14.1-0ubuntu3.29",
            "binary_name": "apport-noui"
        },
        {
            "binary_version": "2.14.1-0ubuntu3.29",
            "binary_name": "apport-retrace"
        },
        {
            "binary_version": "2.14.1-0ubuntu3.29",
            "binary_name": "apport-valgrind"
        },
        {
            "binary_version": "2.14.1-0ubuntu3.29",
            "binary_name": "dh-apport"
        },
        {
            "binary_version": "2.14.1-0ubuntu3.29",
            "binary_name": "python-apport"
        },
        {
            "binary_version": "2.14.1-0ubuntu3.29",
            "binary_name": "python-problem-report"
        },
        {
            "binary_version": "2.14.1-0ubuntu3.29",
            "binary_name": "python3-apport"
        },
        {
            "binary_version": "2.14.1-0ubuntu3.29",
            "binary_name": "python3-problem-report"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:14.04:LTS",
    "cves": [
        {
            "id": "CVE-2018-6552",
            "severity": [
                {
                    "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "high",
                    "type": "Ubuntu"
                }
            ]
        }
    ]
}

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3664-2.json"