Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Ubuntu 20.04 LTS: USN-4449-1 High: Apport Local Attacks Fixed

ubuntu
Calendar Grey August 4, 2020
Dist Ubuntu Esm H88
Multiple Apport vulnerabilities addressed in Ubuntu 20.04, 18.04, 16.04 LTS affecting local users.
Several security issues were fixed in Apport.

Summary

Several security issues were fixed in Apport.

Software Description:

- apport: automatically generate crash reports for debugging

Details:

Ryota Shiga discovered that Apport incorrectly dropped privileges when

making certain D-Bus calls. A local attacker could use this issue to read

arbitrary files. (CVE-2020-11936)

Seong-Joong Kim discovered that Apport incorrectly parsed configuration

files. A local attacker could use this issue to cause Apport to crash,

resulting in a denial of service. (CVE-2020-15701)

Ryota Shiga discovered that Apport incorrectly implemented certain checks.

A local attacker could use this issue to escalate privileges and run

arbitrary code. (CVE-2020-15702)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  apport                          2.20.11-0ubuntu27.6
  python3-apport                  2.20.11-0ubuntu27.6

Ubuntu 18.04 LTS:
  apport                          2.20.9-0ubuntu7.16
  python-apport                   2.20.9-0ubuntu7.16
  python3-apport                  2.20.9-0ubuntu7.16

Ubuntu 16.04 LTS:
  apport                          2.20.1-0ubuntu2.24
  python-apport                   2.20.1-0ubuntu2.24
  python3-apport                  2.20.1-0ubuntu2.24

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4449-1

CVE-2020-11936, CVE-2020-15701, CVE-2020-15702

August 04, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here