USN-7545-4: Apport regression

USN-7545-1 fixed vulnerabilities in Apport. The update incorrectly handled logging if a crashing process was killed while Apport was analyzing it. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Qualys discovered that Apport incorrectly handled metada...

USN-7545-3: Apport regression

USN-7545-1 fixed vulnerabilities in Apport. The update introduced a regression that raised an error if a crashing process was killed while Apport was analyzing it. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Qualys discovered that Apport incorrect...

USN-6894-1: Apport vulnerabilities

Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. CVE-2021-3899 Gerrit Venema discovered that Apport incorrectly handled connections to...

USN-5427-1 apport vulnerabilities

Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. CVE-2021-3899 Gerrit Venema discovered that Apport incorrectly handled connections to...

Ubuntu 16.04 ESM : Apport vulnerabilities (USN-5077-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5077-2 advisory. USN-5077-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has...

USN-4965-2 apport vulnerabilities

USN-4965-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Maik Münch discovered that Apport incorrectly handled certain information gathering operations. A local attacker could use these...

USN-4965-1 apport vulnerabilities

Maik Münch discovered that Apport incorrectly handled certain information gathering operations. A local attacker could use these issues to read and write arbitrary files as an administrator, and possibly escalate privileges...

USN-4720-2: Apport vulnerabilities

USN-4720-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate...

USN-4449-1 apport vulnerabilities

Ryota Shiga working with Trend Micro´s Zero Day Initiative, discovered that Apport incorrectly dropped privileges when making certain D-Bus calls. A local attacker could use this issue to read arbitrary files. CVE-2020-11936 Seong-Joong Kim discovered that Apport incorrectly parsed configuration...

USN-4171-2 apport vulnerabilities

USN-4171-1 fixed several vulnerabilities in apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly...

USN-4171-1 apport vulnerabilities

Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. CVE-2019-11481 Sander Bos discovered a race-condition in Apport during core dump creation. This...

Ubuntu 16.04 LTS / 18.04 LTS : Apport vulnerabilities (USN-4171-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4171-1 advisory. Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to...

USN-2609-1 apport vulnerabilities

Sander Bos discovered that Apport incorrectly handled permissions when the system was configured to generate core dumps for setuid binaries. A local attacker could use this issue to gain elevated privileges. CVE-2015-1324 Philip Pettersson discovered that Apport contained race conditions resultin...