Security: Multiple issues in Apport (update)
Name: Multiple issues in Apport (update)
ID: USN-4171-5
Distribution: Ubuntu
Platforms: Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 19.10
Date: Wed, 18 March 2020, 07:46
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11481
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11482
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11483
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11485
Applications: Apport
Update of: Multiple issues in Apport

Original message
==========================================================================
Ubuntu Security Notice USN-4171-5
March 18, 2020

apport regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
USN-4171-1 introduced a regression in Apport.
Software Description:
- apport: automatically generate crash reports for debugging
Details:
USN-4171-1 fixed vulnerabilities in Apport. This caused a regression in autopkgtest and python2 compatibility. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481)

Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11482)

Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11483)

Sander Bos discovered Apport mishandled lock-file creation. This could be used by a local attacker to cause a denial of service against Apport. (CVE-2019-11485)

Kevin Backhouse discovered Apport read various process-specific files with elevated privileges during crash dump generation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-15790)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.10:
- apport 2.20.11-0ubuntu8.6
- python-apport 2.20.11-0ubuntu8.6
- python3-apport 2.20.11-0ubuntu8.6

Ubuntu 18.04 LTS:
- apport 2.20.9-0ubuntu7.12
- python-apport 2.20.9-0ubuntu7.12
- python3-apport 2.20.9-0ubuntu7.12

Ubuntu 16.04 LTS:
- apport 2.20.1-0ubuntu2.22
- python-apport 2.20.1-0ubuntu2.22
- python3-apport 2.20.1-0ubuntu2.22
In general, a standard system update will make all the necessary changes.
References:
- https://usn.ubuntu.com/4171-5
- https://usn.ubuntu.com/4171-1
- https://launchpad.net/bugs/1851806
- https://launchpad.net/bugs/1854237

Package Information:
- https://launchpad.net/ubuntu/+source/apport/2.20.11-0ubuntu8.6
- https://launchpad.net/ubuntu/+source/apport/2.20.9-0ubuntu7.12
- https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.22