
Security vulnerabilities in the apport software package

==========================================================================
Ubuntu Security Notice USN-4449-1
August 04, 2020

apport vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Apport.

Software Description:
- apport: automatically generate crash reports for debugging

Details:

Ryota Shiga discovered that Apport incorrectly dropped privileges when
making certain D-Bus calls. A local attacker could use this issue to read
arbitrary files. (CVE-2020-11936)

Seong-Joong Kim discovered that Apport incorrectly parsed configuration
files. A local attacker could use this issue to cause Apport to crash,
resulting in a denial of service. (CVE-2020-15701)

Ryota Shiga discovered that Apport incorrectly implemented certain checks.
A local attacker could use this issue to escalate privileges and run
arbitrary code. (CVE-2020-15702)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
apport 2.20.11-0ubuntu27.6
python3-apport 2.20.11-0ubuntu27.6

Ubuntu 18.04 LTS:
apport 2.20.9-0ubuntu7.16
python-apport 2.20.9-0ubuntu7.16
python3-apport 2.20.9-0ubuntu7.16

Ubuntu 16.04 LTS:
apport 2.20.1-0ubuntu2.24
python-apport 2.20.1-0ubuntu2.24
python3-apport 2.20.1-0ubuntu2.24

In general, a standard system update will make all the necessary changes.
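
An added example (not part of the Ubuntu notice or of Apport): an inventory check that applies dpkg's version ordering to the fixed versions listed above, since a plain string comparison would rank 0ubuntu7.9 above 0ubuntu7.16. The function names and the sample inventory are assumptions made for illustration; version strings are assumed to be ASCII.

```python
import re
from itertools import zip_longest

# Fixed version and affected binary packages per release, from the advisory.
FIXED = {
    "20.04": ("2.20.11-0ubuntu27.6", {"apport", "python3-apport"}),
    "18.04": ("2.20.9-0ubuntu7.16", {"apport", "python-apport", "python3-apport"}),
    "16.04": ("2.20.1-0ubuntu2.24", {"apport", "python-apport", "python3-apport"}),
}
_RUNS = re.compile(r"([^0-9]*)([0-9]*)")  # alternating text run, digit run

def _key(text):
    # dpkg ordering inside a text run: '~' sorts before end-of-run (0),
    # then letters, then all other symbols.
    return [-1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256
            for c in text] + [0]

def _cmp_part(a, b):
    """Compare two upstream or revision strings run by run."""
    for (ta, na), (tb, nb) in zip_longest(_RUNS.findall(a), _RUNS.findall(b),
                                          fillvalue=("", "")):
        ka, kb = (_key(ta), int(na or 0)), (_key(tb), int(nb or 0))
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def _split(v):
    """Split 'epoch:upstream-revision'; epoch and revision are optional."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def deb_cmp(a, b):
    """Return -1, 0 or 1 if Debian version a is older, equal or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def vulnerable(release, inventory):
    """Return sorted names of affected packages still below the fixed version."""
    fixed, names = FIXED[release]
    return sorted(p for p, v in inventory.items() if p in names and deb_cmp(v, fixed) < 0)

# Constructed sample inventory (not from the advisory): one stale, one patched.
SAMPLE = {"apport": "2.20.9-0ubuntu7.15", "python3-apport": "2.20.9-0ubuntu7.16"}

if __name__ == "__main__":
    print(vulnerable("18.04", SAMPLE))
```

On a live host the installed versions to feed in can be read with `dpkg-query -W apport python3-apport`.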

References:
https://usn.ubuntu.com/4449-1
CVE-2020-11936, CVE-2020-15701, CVE-2020-15702

Package Information:
https://launchpad.net/ubuntu/+source/apport/2.20.11-0ubuntu27.6
https://launchpad.net/ubuntu/+source/apport/2.20.9-0ubuntu7.16
https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.24
