Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

Ubuntu 14.04 ESM: USN-4051-2 Critical Apport Information Exposure

Calendar Jul 09, 2019 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory Ubuntu local threat information exposure apport
Apport could be made to expose sensitive information in crash reports. 
=========================================================================Ubuntu Security Notice USN-4051-2
July 09, 2019

apport vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

Apport could be made to expose sensitive information in crash reports.

Software Description:
- apport: automatically generate crash reports for debugging

Details:

USN-4051-1 fixed a vulnerability in apport. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

 Kevin Backhouse discovered a race-condition when reading the user's local
 Apport configuration. This could be used by a local attacker to cause
 Apport to include arbitrary files in a resulting crash report.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  python-apport                   2.14.1-0ubuntu3.29+esm1
  python3-apport                  2.14.1-0ubuntu3.29+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4051-2
  https://ubuntu.com/security/notices/USN-4051-1
  CVE-2019-7307

Ubuntu 14.04 ESM: USN-4051-2 Critical Apport Information Exposure

ubuntu
Calendar Grey July 9, 2019
Dist Ubuntu Esm H88
Keep updated regarding the Apport flaw in Ubuntu 14.04 ESM to safeguard against potential data leaks.
Apport could be made to expose sensitive information in crash reports.

Summary

Topics%20covered

Topics Covered

security advisory Ubuntu local threat information exposure apport

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: python-apport 2.14.1-0ubuntu3.29+esm1 python3-apport 2.14.1-0ubuntu3.29+esm1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4051-2

https://ubuntu.com/security/notices/USN-4051-1

CVE-2019-7307

Severity
critical
Lowest
Low
Medium
High
Critical

July 09, 2019

Topics%20covered

Topics Covered

security advisory Ubuntu local threat information exposure apport

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here