Ubuntu security

USN-4171-3: Apport regression apport regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-4171-1 introduced a regression in Apport. Software Description apport – automatically generate crash reports for debugging Details USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression in the Python Apport library. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11482) [ more… ]

USN-4170-3: Whoopsie regression whoopsie regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-4170-2 caused a regression in Whoopsie Software Description whoopsie – Ubuntu error tracker submission Details USN-4170-1 fixed a vulnerability in Whoopsie and USN-4170-2 fixed a subsequent regression. That update was incomplete and could still result in Whoopsie potentially crashing when uploading crash reports on some architectures. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 libwhoopsie0 – [ more… ]

USN-4171-2: Apport vulnerabilities apport vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary Several security issues were fixed in Apport. Software Description apport – automatically generate crash reports for debugging Details USN-4171-1 fixed several vulnerabilities in apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11482) Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by [ more… ]

USN-4172-2: file vulnerability file vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary file could be made to crash or run programs if it opened a specially crafted file. Software Description file – Tool to determine file types Details USN-4172-1 fixed a vulnerability in file. This update provides the corresponding update for Ubuntu 12.04 ESM Ubuntu 14.04 ESM. Original advisory details: It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM file – 1:5.14-2ubuntu3.4+esm1 libmagic1 – 1:5.14-2ubuntu3.4+esm1 Ubuntu 12.04 ESM file – 5.09-2ubuntu0.8 libmagic1 – 5.09-2ubuntu0.8 To update your system, please follow these instructions: [ more… ]

USN-4170-2: Whoopsie regression whoopsie regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-4170-1 caused a regression in Whoopsie. Software Description whoopsie – Ubuntu error tracker submission Details USN-4170-1 fixed a vulnerability in Whoopsie. The update caused Whoopsie to crash when sending reports. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 libwhoopsie0 – 0.2.66ubuntu0.2 whoopsie – 0.2.66ubuntu0.2 Ubuntu 19.04 libwhoopsie0 – 0.2.64ubuntu0.3 whoopsie – 0.2.64ubuntu0.3 Ubuntu 18.04 LTS libwhoopsie0 [ more… ]