Ubuntu Security Notice 4315-2 - USN-4315-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Maximilien Bourgeteau discovered that the Apport lock file was created with insecure permissions. This could allow a local attacker to escalate their privileges via a symlink attack. Various other issues were also addressed.
=========================================================================
Ubuntu Security Notice USN-4315-2
June 15, 2020

apport vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in Apport.

Software Description:
- apport: automatically generate crash reports for debugging

Details:

USN-4315-1 fixed several vulnerabilities in Apport. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Maximilien Bourgeteau discovered that the Apport lock file was created with
insecure permissions. This could allow a local attacker to escalate their
privileges via a symlink attack. (CVE-2020-8831)

Maximilien Bourgeteau discovered a race condition in Apport when setting
crash report permissions. This could allow a local attacker to read
arbitrary files via a symlink attack. (CVE-2020-8833)
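
Both issues above involve a file that is created or has its permissions set by path where a local user can place a symlink. The following Python sketch is an added illustration of that bug class next to a descriptor-based alternative; it is not Apport's code or the patch shipped in this update, and the function names, modes and temporary-directory scenario are constructed.

```python
import os
import stat
import tempfile

def naive_prepare(path):
    # Path-based pattern: open() and chmod() both follow a symlink at `path`.
    with open(path, "a"):
        pass
    os.chmod(path, 0o666)  # constructed "insecure permissions" value

def hardened_prepare(path):
    # O_NOFOLLOW makes open fail (ELOOP) if the final component is a symlink.
    flags = os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW | os.O_CLOEXEC
    fd = os.open(path, flags, 0o600)
    try:
        st = os.fstat(fd)  # inspect the object we actually opened
        if (not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid()
                or st.st_nlink != 1):
            raise PermissionError("unexpected object at " + path)
        os.fchmod(fd, 0o600)  # by descriptor: nothing to race on the path
    except BaseException:
        os.close(fd)
        raise
    return fd

def demo():
    # Constructed scenario in a private temp dir: a symlink already sits
    # where the lock file is expected and points at a 0600 "victim" file.
    with tempfile.TemporaryDirectory() as d:
        victim, lock = os.path.join(d, "victim"), os.path.join(d, "lock")
        with open(victim, "w") as f:
            f.write("private")
        os.chmod(victim, 0o600)
        os.symlink(victim, lock)
        mode = lambda p: stat.S_IMODE(os.stat(p).st_mode)
        naive_prepare(lock)
        after_naive = mode(victim)
        os.chmod(victim, 0o600)  # reset before the second run
        try:
            os.close(hardened_prepare(lock))
            refused = False
        except OSError:
            refused = True
        fd = hardened_prepare(os.path.join(d, "fresh.lock"))
        fresh = stat.S_IMODE(os.fstat(fd).st_mode)
        os.close(fd)
        return after_naive, mode(victim), refused, fresh

if __name__ == "__main__":
    print(demo())
```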

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  apport 2.14.1-0ubuntu3.29+esm4
  python-apport 2.14.1-0ubuntu3.29+esm4
  python3-apport 2.14.1-0ubuntu3.29+esm4

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/4315-2
  https://usn.ubuntu.com/4315-1
  CVE-2020-8831, CVE-2020-8833