Alerts This Week
Warning Icon 1 975
Alerts This Week
Warning Icon 1 975

Ubuntu 16.04 LTS USN-6894-1 Moderate: Apport Security Issues

ubuntu
Calendar Grey July 11, 2024
Dist Ubuntu Esm H88
Multiple vulnerabilities in the system monitor tool were mitigated in Fedora to avert possible exploit attempts, including denial of service scenarios.
Several security issues were fixed in Apport.

Summary

Several security issues were fixed in Apport.

Software Description:

- apport: automatically generate crash reports for debugging

Details:

Muqing Liu and neoni discovered that Apport incorrectly handled detecting

if an executable was replaced after a crash. A local attacker could

possibly use this issue to execute arbitrary code as the root user.

(CVE-2021-3899)

Gerrit Venema discovered that Apport incorrectly handled connections to

Apport sockets inside containers. A local attacker could possibly use this

issue to connect to arbitrary sockets as the root user. (CVE-2022-1242)

Gerrit Venema discovered that Apport incorrectly handled user settings

files. A local attacker could possibly use this issue to cause Apport to

consume resources, leading to a denial of service. (CVE-2022-28652)

Gerrit Venema discovered that Apport did not limit the amount of logging

from D-Bus connections. A local attacker could possibly use this issue to

fill up the Apport log fi...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service security update remote code execution Ubuntu resource exhaustion apport

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
   apport                          2.20.1-0ubuntu2.30+esm4
                                   Available with Ubuntu Pro
   python-apport                   2.20.1-0ubuntu2.30+esm4
                                   Available with Ubuntu Pro
   python3-apport                  2.20.1-0ubuntu2.30+esm4
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6894-1

  https://ubuntu.com/security/notices/USN-5427-1

  CVE-2021-3899, CVE-2022-1242, CVE-2022-28652, CVE-2022-28654,

  CVE-2022-28655, CVE-2022-28656, CVE-2022-28657, CVE-2022-28658

Ubuntu Security Notice USN-6894-1

Topics%20covered

Topics Covered

security advisory denial of service security update remote code execution Ubuntu resource exhaustion apport

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here