Sicherheit: Mehrere Probleme in Apport (Aktualisierung)

Lesezeichen hinzufügen

--===============0671612124649942380==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="qMm9M+Fa2AknHoGS"
Content-Disposition: inline

--qMm9M+Fa2AknHoGS
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inlin
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4449-2
September 02, 2020

apport vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in Apport.

Software Description:
- apport: automatically generate crash reports for debugging

Details:

USN-4449-1 fixed several vulnerabilities in Apport. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Ryota Shiga working with Trend MicroŽs Zero Day Initiative, discovered that
Apport incorrectly dropped privileges when making certain D-Bus calls. A
local attacker could use this issue to read arbitrary files.
(CVE-2020-11936)

Seong-Joong Kim discovered that Apport incorrectly parsed configuration
files. A local attacker could use this issue to cause Apport to crash,
resulting in a denial of service. (CVE-2020-15701)

Ryota Shiga working with Trend MicroŽs Zero Day Initiative, discovered that
Apport incorrectly implemented certain checks. A local attacker could use
this issue to escalate privileges and run arbitrary code. (CVE-2020-15702)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
apport 2.14.1-0ubuntu3.29+esm5
python-apport 2.14.1-0ubuntu3.29+esm5
python3-apport 2.14.1-0ubuntu3.29+esm5

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4449-2
https://usn.ubuntu.com/4449-1
CVE-2020-11936, CVE-2020-15701, CVE-2020-15702

--qMm9M+Fa2AknHoGS
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl9PrUMACgkQRbznW4QL
H2mUGg/8DGxLoSZaGvigT8P8A8hjsqn4Agl4rREzzJNr0INe5VGDj7BpDBOzuVMX
w+aG/NSJFV53pzXRNBdAdyRct0GcuJtluu7Hzh702WxQmjfsuG3qewh+wYq1C5FS
ha+TqrY8VFi8lAEHjD5PyJHokIoHQisom1K+09jR/c4utWHS+ntiliKl8/5CDQlt
ZNR+Sc4C79gGr3QsdznqUMPRWXosx4nkT+aVkdLmA1D+inHN8zleuTCA+qe9R50e
w0wZSnxdzDoPJmKWeXLiVV6BhaowNT6gIcP5uSSqCwOAgM0zEGMghjnxlDzN1V9W
VP2Lyc6lsHW4NQ0Mh2tvO/q9iRwr7TshjQdcxFMPSx7iUr7F51Ug3932vfT1qOSN
LgWTyKVyxFjXZIuDUo/Zm748D0g/PvGFYBxjdp8EvlIwfGFg2duwXAO49wTsMmrg
K30Tz7a9z3AzBgrqK1HWnNo2KUA6hyDLNutQEGC57HFN7aVjrm95a2g1+286JpoL
5OJl7SYEZY4TtWzS6WVxnS6L4uJnScmkFAKs+/lJuxp5drYkVBvd3BJeEnj0lI+9
ilEVOULIMUjARw0JUu9Bw5sI7fOT/pFHFG9RGrZZoW9pR8G/EjJ2ceRHpPLmw22x
HLQ0qVvyKeLWEpUqsFUIcfnmkncczVfta4eX7QPUEIKmzfSLNYk=
=3O6r
-----END PGP SIGNATURE-----

--qMm9M+Fa2AknHoGS--

--===============0671612124649942380==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============0671612124649942380==--