Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 14.04 ESM USN-4315-2: High Severity Apport Issues Resolved

ubuntu
Calendar Grey June 15, 2020
Dist Ubuntu Esm H88
Multiple security issues addressed in Ubuntu 14.04 ESM regarding Apport, along with detailed update guidance shared.
Several security issues were fixed in Apport.

Summary

Several security issues were fixed in Apport.

Software Description:

- apport: automatically generate crash reports for debugging

Details:

USN-4315-1 fixed several vulnerabilities in Apport. This update provides

the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Maximilien Bourgeteau discovered that the Apport lock file was created with

insecure permissions. This could allow a local attacker to escalate their

privileges via a symlink attack. (CVE-2020-8831)

Maximilien Bourgeteau discovered a race condition in Apport when setting

crash report permissions. This could allow a local attacker to read

arbitrary files via a symlink attack. (CVE-2020-8833)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  apport                          2.14.1-0ubuntu3.29+esm4
  python-apport                   2.14.1-0ubuntu3.29+esm4
  python3-apport                  2.14.1-0ubuntu3.29+esm4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4315-2

https://ubuntu.com/security/notices/USN-4315-1

CVE-2020-8831, CVE-2020-8833

June 15, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here