Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 578
Alerts This Week
Warning Icon 1 578

Ubuntu 22.04 LTS USN-5427-1 Critical Apport Local Attack Issues

ubuntu
Calendar Grey May 17, 2022
Dist Ubuntu Esm H88
Multiple vulnerabilities in the Apport tool have been addressed with the recent updates across various Ubuntu versions.
Several security issues were fixed in Apport.

Summary

Several security issues were fixed in Apport.

Software Description:

- apport: automatically generate crash reports for debugging

Details:

Muqing Liu and neoni discovered that Apport incorrectly handled detecting

if an executable was replaced after a crash. A local attacker could

possibly use this issue to execute arbitrary code as the root user.

(CVE-2021-3899)

Gerrit Venema discovered that Apport incorrectly handled connections to

Apport sockets inside containers. A local attacker could possibly use this

issue to connect to arbitrary sockets as the root user. (CVE-2022-1242)

Gerrit Venema discovered that Apport incorrectly handled user settings

files. A local attacker could possibly use this issue to cause Apport to

consume resources, leading to a denial of service. (CVE-2022-28652)

Gerrit Venema discovered that Apport did not limit the amount of logging

from D-Bus connections. A local attacker could possibly use this issue to

fill up the Apport log fi...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  apport                          2.20.11-0ubuntu82.1
  python3-apport                  2.20.11-0ubuntu82.1

Ubuntu 21.10:
  apport                          2.20.11-0ubuntu71.2
  python3-apport                  2.20.11-0ubuntu71.2

Ubuntu 20.04 LTS:
  apport                          2.20.11-0ubuntu27.24
  python3-apport                  2.20.11-0ubuntu27.24

Ubuntu 18.04 LTS:
  apport                          2.20.9-0ubuntu7.28
  python3-apport                  2.20.9-0ubuntu7.28

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5427-1

CVE-2021-3899, CVE-2022-1242, CVE-2022-28652, CVE-2022-28654,

CVE-2022-28655, CVE-2022-28656, CVE-2022-28657, CVE-2022-28658

Severity
critical
Lowest
Low
Medium
High
Critical

May 17, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.