Ubuntu Local Security Checks : Ubuntu: Security Advisory for apport (USN-4171-5)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.844367

Kategorie: Ubuntu Local Security Checks

Titel: Ubuntu: Security Advisory for apport (USN-4171-5)

Zusammenfassung: The remote host is missing an update for the 'apport'; package(s) announced via the USN-4171-5 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'apport'
package(s) announced via the USN-4171-5 advisory.

Vulnerability Insight:
USN-4171-1 fixed vulnerabilities in Apport. This caused a regression in
autopkgtest and python2 compatibility. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Kevin Backhouse discovered Apport would read its user-controlled settings
file as the root user. This could be used by a local attacker to possibly
crash Apport or have other unspecified consequences. (CVE-2019-11481)

Sander Bos discovered a race-condition in Apport during core dump
creation. This could be used by a local attacker to generate a crash report
for a privileged process that is readable by an unprivileged user.
(CVE-2019-11482)

Sander Bos discovered Apport mishandled crash dumps originating from
containers. This could be used by a local attacker to generate a crash
report for a privileged process that is readable by an unprivileged user.
(CVE-2019-11483)

Sander Bos discovered Apport mishandled lock-file creation. This could be
used by a local attacker to cause a denial of service against Apport.
(CVE-2019-11485)

Kevin Backhouse discovered Apport read various process-specific files with
elevated privileges during crash dump generation. This could could be used
by a local attacker to generate a crash report for a privileged process
that is readable by an unprivileged user. (CVE-2019-15790)

Affected Software/OS:
'apport' package(s) on Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Solution:
Please install the updated package(s).

CVSS Score:
6.1

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2019-11481
Common Vulnerability Exposure (CVE) ID: CVE-2019-11482
Common Vulnerability Exposure (CVE) ID: CVE-2019-11483
Common Vulnerability Exposure (CVE) ID: CVE-2019-11485
Common Vulnerability Exposure (CVE) ID: CVE-2019-15790

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.844367
Kategorie:	Ubuntu Local Security Checks
Titel:	Ubuntu: Security Advisory for apport (USN-4171-5)
Zusammenfassung:	The remote host is missing an update for the 'apport'; package(s) announced via the USN-4171-5 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'apport' package(s) announced via the USN-4171-5 advisory. Vulnerability Insight: USN-4171-1 fixed vulnerabilities in Apport. This caused a regression in autopkgtest and python2 compatibility. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11482) Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11483) Sander Bos discovered Apport mishandled lock-file creation. This could be used by a local attacker to cause a denial of service against Apport. (CVE-2019-11485) Kevin Backhouse discovered Apport read various process-specific files with elevated privileges during crash dump generation. This could could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-15790) Affected Software/OS: 'apport' package(s) on Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS. Solution: Please install the updated package(s). CVSS Score: 6.1 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-11481 Common Vulnerability Exposure (CVE) ID: CVE-2019-11482 Common Vulnerability Exposure (CVE) ID: CVE-2019-11483 Common Vulnerability Exposure (CVE) ID: CVE-2019-11485 Common Vulnerability Exposure (CVE) ID: CVE-2019-15790
Copyright	Copyright (C) 2020 Greenbone Networks GmbH