Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 19.10 LTS: USN-4171-5 Critical: Apport Regression Issues

ubuntu
Calendar Grey March 18, 2020
Dist Ubuntu Esm H88
This notice outlines the apport regression caused by USN-4171-2 impacting various Ubuntu versions.
USN-4171-1 introduced a regression in Apport.

Summary

USN-4171-1 introduced a regression in Apport.

Software Description:

- apport: automatically generate crash reports for debugging

Details:

USN-4171-1 fixed vulnerabilities in Apport. This caused a regression in

autopkgtest and python2 compatibility. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Kevin Backhouse discovered Apport would read its user-controlled settings

file as the root user. This could be used by a local attacker to possibly

crash Apport or have other unspecified consequences. (CVE-2019-11481)

Sander Bos discovered a race-condition in Apport during core dump

creation. This could be used by a local attacker to generate a crash report

for a privileged process that is readable by an unprivileged user.

(CVE-2019-11482)

Sander Bos discovered Apport mishandled crash dumps originating from

containers. This could be used by a local attacker to generate a crash

report for a privilege...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  apport                          2.20.11-0ubuntu8.6
  python-apport                   2.20.11-0ubuntu8.6
  python3-apport                  2.20.11-0ubuntu8.6

Ubuntu 18.04 LTS:
  apport                          2.20.9-0ubuntu7.12
  python-apport                   2.20.9-0ubuntu7.12
  python3-apport                  2.20.9-0ubuntu7.12

Ubuntu 16.04 LTS:
  apport                          2.20.1-0ubuntu2.22
  python-apport                   2.20.1-0ubuntu2.22
  python3-apport                  2.20.1-0ubuntu2.22

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4171-5

https://ubuntu.com/security/notices/USN-4171-1

https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806, https://bugs.launchpad.net/apport/+bug/1854237

Severity
critical
Lowest
Low
Medium
High
Critical

March 18, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here