Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Ubuntu 20.04 LTS USN-4171-6 Moderate: Apport Regression Issue

ubuntu
Calendar Grey November 12, 2020
Dist Ubuntu Esm H88
=========================================================================Ubuntu Security Notice USN-
USN-4171-1 introduced a regression in Apport.

Summary

USN-4171-1 introduced a regression in Apport.

Software Description:

- apport: automatically generate crash reports for debugging

Details:

USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression

when handling configuration files. This update fixes the problem, and also

introduces further hardening measures.

Original advisory details:

Kevin Backhouse discovered Apport would read its user-controlled settings

file as the root user. This could be used by a local attacker to possibly

crash Apport or have other unspecified consequences. (CVE-2019-11481)

Sander Bos discovered a race-condition in Apport during core dump

creation. This could be used by a local attacker to generate a crash report

for a privileged process that is readable by an unprivileged user.

(CVE-2019-11482)

Sander Bos discovered Apport mishandled crash dumps originating from

containers. This could be used by a local attacker to generate a crash

report for a privi...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  apport                          2.20.11-0ubuntu50.1
  python3-apport                  2.20.11-0ubuntu50.1

Ubuntu 20.04 LTS:
  apport                          2.20.11-0ubuntu27.12
  python3-apport                  2.20.11-0ubuntu27.12

Ubuntu 18.04 LTS:
  apport                          2.20.9-0ubuntu7.20
  python-apport                   2.20.9-0ubuntu7.20
  python3-apport                  2.20.9-0ubuntu7.20

Ubuntu 16.04 LTS:
  apport                          2.20.1-0ubuntu2.27
  python-apport                   2.20.1-0ubuntu2.27
  python3-apport                  2.20.1-0ubuntu2.27

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4171-1

https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1903332

November 12, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.