apport vulnerabilities

Related Vulnerabilities: CVE-2015-1324, CVE-2015-1325

21 May 2015

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Apport could be tricked into creating arbitrary files as an administrator, resulting in privilege escalation.

Software Description

  • apport - automatically generate crash reports for debugging

Details

Sander Bos discovered that Apport incorrectly handled permissions when the system was configured to generate core dumps for setuid binaries. A local attacker could use this issue to gain elevated privileges. (CVE-2015-1324)

Philip Pettersson discovered that Apport contained race conditions that resulted in core dumps being generated with incorrect permissions in arbitrary locations. A local attacker could use this issue to gain elevated privileges. (CVE-2015-1325)

Update instructions

The problem can be corrected by updating your system to the following package versions:

  • Ubuntu 15.04: apport 2.17.2-0ubuntu1.1
  • Ubuntu 14.10: apport 2.14.7-0ubuntu8.5
  • Ubuntu 14.04 LTS: apport 2.14.1-0ubuntu3.11
  • Ubuntu 12.04 LTS: apport 2.0.1-0ubuntu17.9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.
