Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 556
Alerts This Week
Warning Icon 1 556

Ubuntu 14.04 ESM USN-4171-2: Apport Security Issues and Fixes

ubuntu
Calendar Grey November 4, 2019
Dist Ubuntu Esm H88
Updates addressing Apport security flaws in Ubuntu 14.04 ESM are now available. Discover the vulnerabilities and their fixes here.
Several security issues were fixed in Apport.

Summary

Several security issues were fixed in Apport.

Software Description:

- apport: automatically generate crash reports for debugging

Details:

USN-4171-1 fixed several vulnerabilities in apport. This update provides

the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Kevin Backhouse discovered Apport would read its user-controlled settings

file as the root user. This could be used by a local attacker to possibly

crash Apport or have other unspecified consequences. (CVE-2019-11481)

Sander Bos discovered a race-condition in Apport during core dump

creation. This could be used by a local attacker to generate a crash report

for a privileged process that is readable by an unprivileged user.

(CVE-2019-11482)

Sander Bos discovered Apport mishandled crash dumps originating from

containers. This could be used by a local attacker to generate a crash

report for a privileged process that is readable by an unprivileged user.

(CVE-2019-11483)

Sander Bos disco...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  apport                          2.14.1-0ubuntu3.29+esm2
  python-apport                   2.14.1-0ubuntu3.29+esm2
  python3-apport                  2.14.1-0ubuntu3.29+esm2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4171-2

https://ubuntu.com/security/notices/USN-4171-1

CVE-2019-11481, CVE-2019-11482, CVE-2019-11483, CVE-2019-11485,

CVE-2019-15790

Severity
important
Lowest
Low
Medium
High
Critical

November 04, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.