• Apport regression

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Wednesday, March 18, 2020 00:10:09
    apport regression

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    USN-4171-1 introduced a regression in Apport.

    Software Description

    * apport - automatically generate crash reports for debugging

    Details

    USN-4171-1 fixed vulnerabilities in Apport. This caused a
    regression in autopkgtest and python2 compatibility. This update
    fixes the problem.

    We apologize for the inconvenience.

    Original advisory details:

    Kevin Backhouse discovered Apport would read its user-controlled
    settings file as the root user. This could be used by a local
    attacker to possibly crash Apport or have other unspecified
    consequences. (CVE-2019-11481)

    Sander Bos discovered a race-condition in Apport during core dump
    creation. This could be used by a local attacker to generate a
    crash report for a privileged process that is readable by an
    unprivileged user. (CVE-2019-11482)

    Sander Bos discovered Apport mishandled crash dumps originating
    from containers. This could be used by a local attacker to
    generate a crash report for a privileged process that is readable
    by an unprivileged user. (CVE-2019-11483)

    Sander Bos discovered Apport mishandled lock-file creation. This
    could be used by a local attacker to cause a denial of service
    against Apport. (CVE-2019-11485)

    Kevin Backhouse discovered Apport read various process-specific
    files with elevated privileges during crash dump generation. This
    could be used by a local attacker to generate a crash report
    for a privileged process that is readable by an unprivileged user.
    (CVE-2019-15790)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    apport - 2.20.11-0ubuntu8.6
    python-apport - 2.20.11-0ubuntu8.6
    python3-apport - 2.20.11-0ubuntu8.6

    Ubuntu 18.04 LTS
    apport - 2.20.9-0ubuntu7.12
    python-apport - 2.20.9-0ubuntu7.12
    python3-apport - 2.20.9-0ubuntu7.12

    Ubuntu 16.04 LTS
    apport - 2.20.1-0ubuntu2.22
    python-apport - 2.20.1-0ubuntu2.22
    python3-apport - 2.20.1-0ubuntu2.22

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * USN-4171-1
    * LP: 1851806
    * LP: 1854237

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
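
    Added example, not part of the advisory: a check that flags any of the
    listed packages still installed below the fixed versions given under
    "Update instructions". The Debian version ordering is reimplemented here so
    the check runs offline; the sample host and its version strings are constructed.

```python
import re

# Fixed versions from the advisory's update instructions, keyed by release.
FIXED = {"19.10": "2.20.11-0ubuntu8.6",
         "18.04": "2.20.9-0ubuntu7.12",
         "16.04": "2.20.1-0ubuntu2.22"}
PACKAGES = ("apport", "python-apport", "python3-apport")

def _order(ch):
    # Debian rule for non-digits: '~' first, then end of string, letters, rest.
    if ch in ("~", ""):
        return -1 if ch == "~" else 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Walk both strings as alternating non-digit and digit runs.
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            diff = _order(na[i:i + 1]) - _order(nb[i:i + 1])
            if diff:
                return diff
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; a missing epoch counts as 0.
    epoch, _, rest = version.partition(":") if ":" in version else ("0", "", version)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def compare_versions(v1, v2):
    # Negative if v1 is older than v2, zero if equal, positive if newer.
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(release, installed):
    # Packages from the advisory that are installed below the fixed version.
    return sorted(p for p in PACKAGES if p in installed
                  and compare_versions(installed[p], FIXED[release]) < 0)

# Constructed sample host (not from the advisory): Ubuntu 18.04, mixed versions.
SAMPLE = {"apport": "2.20.9-0ubuntu7.9", "python3-apport": "2.20.9-0ubuntu7.12"}
print(unpatched("18.04", SAMPLE))
```

    On a live host the installed mapping can be filled from
    dpkg-query -W -f='${Package} ${Version}\n' and the release key from
    VERSION_ID in /etc/os-release.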