Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

Ubuntu 14.04 ESM USN-4171-2: Apport Security Issues and Fixes

Calendar Nov 04, 2019 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service security update Ubuntu race condition local attack apport
Several security issues were fixed in Apport. 
=========================================================================Ubuntu Security Notice USN-4171-2
November 04, 2019

apport vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in Apport.

Software Description:
- apport: automatically generate crash reports for debugging

Details:

USN-4171-1 fixed several vulnerabilities in apport. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

 Kevin Backhouse discovered Apport would read its user-controlled settings
 file as the root user. This could be used by a local attacker to possibly
 crash Apport or have other unspecified consequences. (CVE-2019-11481)

 Sander Bos discovered a race-condition in Apport during core dump
 creation. This could be used by a local attacker to generate a crash report
 for a privileged process that is readable by an unprivileged user.
 (CVE-2019-11482)

 Sander Bos discovered Apport mishandled crash dumps originating from
 containers. This could be used by a local attacker to generate a crash
 report for a privileged process that is readable by an unprivileged user.
 (CVE-2019-11483)

 Sander Bos discovered Apport mishandled lock-file creation. This could be
 used by a local attacker to cause a denial of service against Apport.
 (CVE-2019-11485)

 Kevin Backhouse discovered Apport read various process-specific files with
 elevated privileges during crash dump generation. This could could be used
 by a local attacker to generate a crash report for a privileged process
 that is readable by an unprivileged user. (CVE-2019-15790)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  apport                          2.14.1-0ubuntu3.29+esm2
  python-apport                   2.14.1-0ubuntu3.29+esm2
  python3-apport                  2.14.1-0ubuntu3.29+esm2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4171-2
  https://ubuntu.com/security/notices/USN-4171-1
  CVE-2019-11481, CVE-2019-11482, CVE-2019-11483, CVE-2019-11485,
  CVE-2019-15790

Ubuntu 14.04 ESM USN-4171-2: Apport Security Issues and Fixes

ubuntu
Calendar Grey November 4, 2019
Dist Ubuntu Esm H88
Updates addressing Apport security flaws in Ubuntu 14.04 ESM are now available. Discover the vulnerabilities and their fixes here.
Several security issues were fixed in Apport.

Summary

Topics%20covered

Topics Covered

security advisory denial of service security update Ubuntu race condition local attack apport

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: apport 2.14.1-0ubuntu3.29+esm2 python-apport 2.14.1-0ubuntu3.29+esm2 python3-apport 2.14.1-0ubuntu3.29+esm2 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4171-2

https://ubuntu.com/security/notices/USN-4171-1

CVE-2019-11481, CVE-2019-11482, CVE-2019-11483, CVE-2019-11485,

CVE-2019-15790

Severity
important
Lowest
Low
Medium
High
Critical

November 04, 2019

Topics%20covered

Topics Covered

security advisory denial of service security update Ubuntu race condition local attack apport

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here