You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa apport

Sigurnosni nedostaci programskog paketa apport

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4315-2
June 15, 2020

apport vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in Apport.

Software Description:
– apport: automatically generate crash reports for debugging

Details:

USN-4315-1 fixed several vulnerabilities in Apport. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Maximilien Bourgeteau discovered that the Apport lock file was created with
insecure permissions. This could allow a local attacker to escalate their
privileges via a symlink attack. (CVE-2020-8831)

Maximilien Bourgeteau discovered a race condition in Apport when setting
crash report permissions. This could allow a local attacker to read
arbitrary files via a symlink attack. (CVE-2020-8833)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
apport 2.14.1-0ubuntu3.29+esm4
python-apport 2.14.1-0ubuntu3.29+esm4
python3-apport 2.14.1-0ubuntu3.29+esm4

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4315-2
https://usn.ubuntu.com/4315-1
CVE-2020-8831, CVE-2020-8833
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl7nlyUACgkQRbznW4QL
H2m1oxAAkD1o6FwXi9muDyQagE1IhkgTuSnkuNkjE+FpntjRl4uZy4UItePWYry2
V7YCEEr8SWnWsJL5KvlXl1+Waibgt6H6uKLkuIihJlovWcTuL9eKTDkGA231Rk7L
3KiQUWZnxTecYiaWxl16K6HHEbPZnxkIi/zhwXHKIXpzhj8PMEYhiRzrk+d8iyDZ
J7tZlSv3vp9Sj9WYAizPJZ4xI8Tr8AmZ5qXxd+d8b4R/W7OsA58OKjQhe+Whxi1m
1bd+9I1DWMdTgNia7B1IAwV8TtIqlUnbQq5TdxePlTXY9mPBiYKkhHFpnlvmiSV5
PLTmIZGkCL3bjs8aGpEtn42+78dlW2jFNpYhw0LrM0ftfZ3elboHKHCEZiI1ACC8
zx3ogOh2tyJSB24kcdn0xO25IQKHhRjxRFzxt3z48YleVxoNOTSPReQMWwqe8ZbR
gNKZuuPyBeIaK4srYrtWubcBexFYlOB5Df9EJN2GnUB41dvPV41iNxAl4IFuXbHo
b92S2nTk3ksYTpz04lZ80PqReIJgp3iocDdS0rVJHA1PMX09Qfj9RGGfjAEoo0iw
RDFsquM731GODUguv9+gNQpjCbBCWWsy8oSR1MHNolcld+GcZ3NDO6+r9kZQjSTS
yqEx/4t4FaV5OvP+SJrx4Rm2K48JIdMQOavUN8fcv8IvQfB3Xg8=
=G7j7
—–END PGP SIGNATURE—–

AutorGoran Culibrk
Cert idNCERT-REF-2020-06-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa chromium-browser

Otkriveni su sigurnosni nedostaci u programskom paketu chromium-browser za operacijski sustav Redhat. Otkriveni nedostaci potencijalnim napadačima omogućuju stjecanje uvećanih ovlasti...

Close