drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Apport (Aktualisierung)
Name: |
Mehrere Probleme in Apport (Aktualisierung) |
|
ID: |
USN-4449-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 ESM |
|
Datum: |
Mi, 2. September 2020, 19:17 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15702
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15701 |
|
Applikationen: |
Apport |
|
Update von: |
Mehrere Probleme in Apport |
|
Originalnachricht |
--===============0671612124649942380== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="qMm9M+Fa2AknHoGS" Content-Disposition: inline
--qMm9M+Fa2AknHoGS Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inlin Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-4449-2 September 02, 2020
apport vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Apport.
Software Description: - apport: automatically generate crash reports for debugging
Details:
USN-4449-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Ryota Shiga working with Trend MicroŽs Zero Day Initiative, discovered that Apport incorrectly dropped privileges when making certain D-Bus calls. A local attacker could use this issue to read arbitrary files. (CVE-2020-11936)
Seong-Joong Kim discovered that Apport incorrectly parsed configuration files. A local attacker could use this issue to cause Apport to crash, resulting in a denial of service. (CVE-2020-15701)
Ryota Shiga working with Trend MicroŽs Zero Day Initiative, discovered that Apport incorrectly implemented certain checks. A local attacker could use this issue to escalate privileges and run arbitrary code. (CVE-2020-15702)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: apport 2.14.1-0ubuntu3.29+esm5 python-apport 2.14.1-0ubuntu3.29+esm5 python3-apport 2.14.1-0ubuntu3.29+esm5
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/4449-2 https://usn.ubuntu.com/4449-1 CVE-2020-11936, CVE-2020-15701, CVE-2020-15702
--qMm9M+Fa2AknHoGS Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl9PrUMACgkQRbznW4QL H2mUGg/8DGxLoSZaGvigT8P8A8hjsqn4Agl4rREzzJNr0INe5VGDj7BpDBOzuVMX w+aG/NSJFV53pzXRNBdAdyRct0GcuJtluu7Hzh702WxQmjfsuG3qewh+wYq1C5FS ha+TqrY8VFi8lAEHjD5PyJHokIoHQisom1K+09jR/c4utWHS+ntiliKl8/5CDQlt ZNR+Sc4C79gGr3QsdznqUMPRWXosx4nkT+aVkdLmA1D+inHN8zleuTCA+qe9R50e w0wZSnxdzDoPJmKWeXLiVV6BhaowNT6gIcP5uSSqCwOAgM0zEGMghjnxlDzN1V9W VP2Lyc6lsHW4NQ0Mh2tvO/q9iRwr7TshjQdcxFMPSx7iUr7F51Ug3932vfT1qOSN LgWTyKVyxFjXZIuDUo/Zm748D0g/PvGFYBxjdp8EvlIwfGFg2duwXAO49wTsMmrg K30Tz7a9z3AzBgrqK1HWnNo2KUA6hyDLNutQEGC57HFN7aVjrm95a2g1+286JpoL 5OJl7SYEZY4TtWzS6WVxnS6L4uJnScmkFAKs+/lJuxp5drYkVBvd3BJeEnj0lI+9 ilEVOULIMUjARw0JUu9Bw5sI7fOT/pFHFG9RGrZZoW9pR8G/EjJ2ceRHpPLmw22x HLQ0qVvyKeLWEpUqsFUIcfnmkncczVfta4eX7QPUEIKmzfSLNYk= =3O6r -----END PGP SIGNATURE-----
--qMm9M+Fa2AknHoGS--
--===============0671612124649942380== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============0671612124649942380==--
|
|
|
|