Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 538
Alerts This Week
Warning Icon 1 538

Ubuntu 5122-1 Critical: Apport Local Escalation Vulnerability Patch

ubuntu
Calendar Grey October 25, 2021
Dist Ubuntu Esm H88
Crucial patch released for Apport in Ubuntu to mitigate local privilege escalation vulnerabilities. Installation strongly advised.
Apport could be made to create files as the administrator.

Summary

Apport could be made to create files as the administrator.

Software Description:

- apport: automatically generate crash reports for debugging

Details:

It was discovered that Apport could be tricked into writing core files as

root into arbitrary directories in certain scenarios. A local attacker

could possibly use this issue to escalate privileges. This update will

cause Apport to generate all core files in the /var/lib/apport/coredump

directory.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  apport                          2.20.11-0ubuntu71
  python3-apport                  2.20.11-0ubuntu71

Ubuntu 21.04:
  apport                          2.20.11-0ubuntu65.4
  python3-apport                  2.20.11-0ubuntu65.4

Ubuntu 20.04 LTS:
  apport                          2.20.11-0ubuntu27.21
  python3-apport                  2.20.11-0ubuntu27.21

Ubuntu 18.04 LTS:
  apport                          2.20.9-0ubuntu7.27
  python3-apport                  2.20.9-0ubuntu7.27

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5122-1

https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948657

Severity
critical
Lowest
Low
Medium
High
Critical

October 25, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.