Ubuntu security notices
USN-4315-2: Apport vulnerabilities
USN-4315-2: Apport vulnerabilities apport vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary Several security issues were fixed in Apport. Software Description apport – automatically generate crash reports for debugging Details USN-4315-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Maximilien Bourgeteau discovered that the Apport lock file was created with insecure permissions. This could allow a local attacker to escalate their privileges via a symlink attack. (CVE-2020-8831) Maximilien Bourgeteau discovered a race condition in Apport when setting crash report permissions. This could allow a local attacker to read arbitrary files via a symlink attack. (CVE-2020-8833) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM apport – 2.14.1-0ubuntu3.29+esm4 python-apport – 2.14.1-0ubuntu3.29+esm4 python3-apport – [ more… ]