• Apport vulnerabilities

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Thursday, April 02, 2020 00:10:07
    apport vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Several security issues were fixed in Apport.

    Software Description

    * apport - automatically generate crash reports for debugging

    Details

    Maximilien Bourgeteau discovered that the Apport lock file was
    created with insecure permissions. This could allow a local
    attacker to escalate their privileges via a symlink attack.
    (CVE-2020-8831)

    Maximilien Bourgeteau discovered a race condition in Apport when
    setting crash report permissions. This could allow a local
    attacker to read arbitrary files via a symlink attack.
    (CVE-2020-8833)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    apport - 2.20.11-0ubuntu8.8
    python-apport - 2.20.11-0ubuntu8.8
    python3-apport - 2.20.11-0ubuntu8.8

    Ubuntu 18.04 LTS
    apport - 2.20.9-0ubuntu7.14
    python-apport - 2.20.9-0ubuntu7.14
    python3-apport - 2.20.9-0ubuntu7.14

    Ubuntu 16.04 LTS
    apport - 2.20.1-0ubuntu2.23
    python-apport - 2.20.1-0ubuntu2.23
    python3-apport - 2.20.1-0ubuntu2.23

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-8831
    * CVE-2020-8833

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
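
An added illustration, not Apport's code and not part of the advisory, of the general pattern behind a permission-setting race of the kind CVE-2020-8833 describes: setting a mode by path name acts on whatever the name resolves to at that moment, while an exclusive create followed by `fchmod` acts only on the file that was actually opened. The function names, the file names and the temp-directory scenario are constructed for this example.

```python
import os
import stat
import tempfile

def write_by_path(path, data, mode=0o640):
    """Racy pattern: create the file, then set its mode by *name*."""
    with open(path, "wb") as f:       # follows a symlink already at `path`
        f.write(data)
    os.chmod(path, mode)              # follows whatever `path` names now

def write_by_fd(path, data, mode=0o640):
    """Hardened pattern: exclusive create, then set the mode on the descriptor."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)  # EEXIST if anything, even a link, is there
    try:
        os.fchmod(fd, mode)           # acts on the opened inode, not a path
        os.write(fd, data)
    finally:
        os.close(fd)

def run_case(writer):
    """Constructed scenario in a private temp dir: a link sits at the target."""
    with tempfile.TemporaryDirectory() as d:
        other = os.path.join(d, "other.txt")      # file the writer must not touch
        with open(other, "wb") as f:
            f.write(b"original")
        os.chmod(other, 0o600)
        target = os.path.join(d, "report.crash")  # hypothetical report name
        os.symlink(other, target)
        try:
            writer(target, b"crash data")
            refused = False
        except FileExistsError:
            refused = True
        with open(other, "rb") as f:
            content = f.read()
        return refused, stat.S_IMODE(os.stat(other).st_mode), content
```

`run_case(write_by_fd)` reports that the write was refused and the other file is unchanged; `run_case(write_by_path)` shows the other file's content and mode both altered.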
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Monday, June 15, 2020 12:10:04
    apport vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 14.04 ESM

    Summary

    Several security issues were fixed in Apport.

    Software Description

    * apport - automatically generate crash reports for debugging

    Details

    USN-4315-1 fixed several vulnerabilities in Apport. This update
    provides the corresponding update for Ubuntu 14.04 ESM.

    Original advisory details:

    Maximilien Bourgeteau discovered that the Apport lock file was
    created with insecure permissions. This could allow a local
    attacker to escalate their privileges via a symlink attack.
    (CVE-2020-8831)

    Maximilien Bourgeteau discovered a race condition in Apport when
    setting crash report permissions. This could allow a local
    attacker to read arbitrary files via a symlink attack.
    (CVE-2020-8833)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 14.04 ESM
    apport - 2.14.1-0ubuntu3.29+esm4
    python-apport - 2.14.1-0ubuntu3.29+esm4
    python3-apport - 2.14.1-0ubuntu3.29+esm4

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * USN-4315-1
    * CVE-2020-8831
    * CVE-2020-8833

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Tuesday, August 04, 2020 16:10:06
    apport vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Several security issues were fixed in Apport.

    Software Description

    * apport - automatically generate crash reports for debugging

    Details

    Ryota Shiga discovered that Apport incorrectly dropped privileges
    when making certain D-Bus calls. A local attacker could use this
    issue to read arbitrary files. (CVE-2020-11936)

    Seong-Joong Kim discovered that Apport incorrectly parsed
    configuration files. A local attacker could use this issue to
    cause Apport to crash, resulting in a denial of service.
    (CVE-2020-15701)

    Ryota Shiga discovered that Apport incorrectly implemented certain
    checks. A local attacker could use this issue to escalate
    privileges and run arbitrary code. (CVE-2020-15702)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    apport - 2.20.11-0ubuntu27.6
    python3-apport - 2.20.11-0ubuntu27.6

    Ubuntu 18.04 LTS
    apport - 2.20.9-0ubuntu7.16
    python-apport - 2.20.9-0ubuntu7.16
    python3-apport - 2.20.9-0ubuntu7.16

    Ubuntu 16.04 LTS
    apport - 2.20.1-0ubuntu2.24
    python-apport - 2.20.1-0ubuntu2.24
    python3-apport - 2.20.1-0ubuntu2.24

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-11936
    * CVE-2020-15701
    * CVE-2020-15702

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Wednesday, September 02, 2020 12:10:06
    apport vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 14.04 ESM

    Summary

    Several security issues were fixed in Apport.

    Software Description

    * apport - automatically generate crash reports for debugging

    Details

    USN-4449-1 fixed several vulnerabilities in Apport. This update
    provides the corresponding update for Ubuntu 14.04 ESM.

    Original advisory details:

    Ryota Shiga, working with Trend Micro's Zero Day Initiative,
    discovered that Apport incorrectly dropped privileges when making
    certain D-Bus calls. A local attacker could use this issue to read
    arbitrary files. (CVE-2020-11936)

    Seong-Joong Kim discovered that Apport incorrectly parsed
    configuration files. A local attacker could use this issue to
    cause Apport to crash, resulting in a denial of service.
    (CVE-2020-15701)

    Ryota Shiga, working with Trend Micro's Zero Day Initiative,
    discovered that Apport incorrectly implemented certain checks. A
    local attacker could use this issue to escalate privileges and run
    arbitrary code. (CVE-2020-15702)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 14.04 ESM
    apport - 2.14.1-0ubuntu3.29+esm5
    python-apport - 2.14.1-0ubuntu3.29+esm5
    python3-apport - 2.14.1-0ubuntu3.29+esm5

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * USN-4449-1
    * CVE-2020-11936
    * CVE-2020-15701
    * CVE-2020-15702

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)