Explore top 10 tips to secure your open-source projects now. Read More
×
Apport could be made to create files as the administrator.
Software Description:
- apport: automatically generate crash reports for debugging
Details:
It was discovered that Apport could be tricked into writing core files as
root into arbitrary directories in certain scenarios. A local attacker
could possibly use this issue to escalate privileges. This update will
cause Apport to generate all core files in the /var/lib/apport/coredump
directory.
The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: apport 2.20.11-0ubuntu71 python3-apport 2.20.11-0ubuntu71 Ubuntu 21.04: apport 2.20.11-0ubuntu65.4 python3-apport 2.20.11-0ubuntu65.4 Ubuntu 20.04 LTS: apport 2.20.11-0ubuntu27.21 python3-apport 2.20.11-0ubuntu27.21 Ubuntu 18.04 LTS: apport 2.20.9-0ubuntu7.27 python3-apport 2.20.9-0ubuntu7.27 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-5122-1
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948657
Get the latest Linux and open source security news straight to your inbox.