Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 14.04 ESM: USN-4449-2 Moderate: Apport Issues Fixed

ubuntu
Calendar Grey September 2, 2020
Dist Ubuntu Esm H88
Several security weaknesses in Apport addressed in the Ubuntu 14.04 ESM patch for enhanced protection
Several security issues were fixed in Apport.

Summary

Several security issues were fixed in Apport.

Software Description:

- apport: automatically generate crash reports for debugging

Details:

USN-4449-1 fixed several vulnerabilities in Apport. This update provides

the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Ryota Shiga working with Trend Micro´s Zero Day Initiative, discovered that

Apport incorrectly dropped privileges when making certain D-Bus calls. A

local attacker could use this issue to read arbitrary files.

(CVE-2020-11936)

Seong-Joong Kim discovered that Apport incorrectly parsed configuration

files. A local attacker could use this issue to cause Apport to crash,

resulting in a denial of service. (CVE-2020-15701)

Ryota Shiga working with Trend Micro´s Zero Day Initiative, discovered that

Apport incorrectly implemented certain checks. A local attacker could use

this issue to escalate privileges and run arbitrary code. (CVE-2020-15702)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  apport                          2.14.1-0ubuntu3.29+esm5
  python-apport                   2.14.1-0ubuntu3.29+esm5
  python3-apport                  2.14.1-0ubuntu3.29+esm5

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4449-2

https://ubuntu.com/security/notices/USN-4449-1

CVE-2020-11936, CVE-2020-15701, CVE-2020-15702

September 02, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here