Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Ubuntu 14.04 ESM: USN-4171-4 Critical Apport Regression Issue

Calendar Nov 05, 2019 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory security issue update DoS Ubuntu regression apport
USN-4171-2 introduced a regression in Apport. 
=========================================================================Ubuntu Security Notice USN-4171-4
November 05, 2019

apport regression
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

USN-4171-2 introduced a regression in Apport.

Software Description:
- apport: automatically generate crash reports for debugging

Details:

USN-4171-2 fixed a vulnerability in Apport. The update caused a regression
in the Python Apport library. This update fixes the problem for Ubuntu 14.04 ESM.

We apologize for the inconvenience.

Original advisory details:

 Kevin Backhouse discovered Apport would read its user-controlled settings
 file as the root user. This could be used by a local attacker to possibly
 crash Apport or have other unspecified consequences. (CVE-2019-11481)

 Sander Bos discovered a race-condition in Apport during core dump
 creation. This could be used by a local attacker to generate a crash report
 for a privileged process that is readable by an unprivileged user.
 (CVE-2019-11482)

 Sander Bos discovered Apport mishandled crash dumps originating from
 containers. This could be used by a local attacker to generate a crash
 report for a privileged process that is readable by an unprivileged user.
 (CVE-2019-11483)

 Sander Bos discovered Apport mishandled lock-file creation. This could be
 used by a local attacker to cause a denial of service against Apport.
 (CVE-2019-11485)

 Kevin Backhouse discovered Apport read various process-specific files with
 elevated privileges during crash dump generation. This could could be used
 by a local attacker to generate a crash report for a privileged process
 that is readable by an unprivileged user. (CVE-2019-15790)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  apport                          2.14.1-0ubuntu3.29+esm3
  python-apport                   2.14.1-0ubuntu3.29+esm3
  python3-apport                  2.14.1-0ubuntu3.29+esm3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4171-4
  https://ubuntu.com/security/notices/USN-4171-1

Ubuntu 14.04 ESM: USN-4171-4 Critical Apport Regression Issue

ubuntu
Calendar Grey November 5, 2019
Dist Ubuntu Esm H88
The Ubuntu Security Notice USN-4172-5 pertains to a regression in Apport impacting Ubuntu 14.04 ESM, delivering essential security enhancements and fixes.
USN-4171-2 introduced a regression in Apport.

Summary

Topics%20covered

Topics Covered

security advisory security issue update DoS Ubuntu regression apport

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: apport 2.14.1-0ubuntu3.29+esm3 python-apport 2.14.1-0ubuntu3.29+esm3 python3-apport 2.14.1-0ubuntu3.29+esm3 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4171-4

https://ubuntu.com/security/notices/USN-4171-1

Severity
critical
Lowest
Low
Medium
High
Critical

November 05, 2019

Topics%20covered

Topics Covered

security advisory security issue update DoS Ubuntu regression apport

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here