Ubuntu 19.10 Security Advisory USN-4315-1: Apport Privilege Escalation
ubuntu
April 2, 2020
Several security issues were fixed in Apport.
Summary
Several security issues were fixed in Apport.
Software Description:
- apport: automatically generate crash reports for debugging
Details:
Maximilien Bourgeteau discovered that the Apport lock file was created with
insecure permissions. This could allow a local attacker to escalate their
privileges via a symlink attack. (CVE-2020-8831)
Maximilien Bourgeteau discovered a race condition in Apport when setting
crash report permissions. This could allow a local attacker to read
arbitrary files via a symlink attack. (CVE-2020-8833)
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10: apport 2.20.11-0ubuntu8.8 python-apport 2.20.11-0ubuntu8.8 python3-apport 2.20.11-0ubuntu8.8 Ubuntu 18.04 LTS: apport 2.20.9-0ubuntu7.14 python-apport 2.20.9-0ubuntu7.14 python3-apport 2.20.9-0ubuntu7.14 Ubuntu 16.04 LTS: apport 2.20.1-0ubuntu2.23 python-apport 2.20.1-0ubuntu2.23 python3-apport 2.20.1-0ubuntu2.23 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-4315-1
CVE-2020-8831, CVE-2020-8833
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
April 02, 2020
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!