USN-4450-1: Whoopsie vulnerabilities

Publication date

4 August 2020

Overview

Several security issues were fixed in whoopsie.


Packages

  • whoopsie - Ubuntu error tracker submission

Details

Seong-Joong Kim discovered that Whoopsie incorrectly handled memory. A
local attacker could use this issue to cause Whoopsie to consume memory,
resulting in a denial of service. (CVE-2020-11937)

Seong-Joong Kim discovered that Whoopsie incorrectly handled parsing files.
A local attacker could use this issue to cause Whoopsie to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2020-12135)

Seong-Joong Kim discovered that Whoopsie incorrectly handled memory. A
local attacker could use this issue to cause Whoopsie to consume memory,
resulting in a denial of service. (CVE-2020-15570)

Seong-Joong Kim discovered that Whoopsie incorrectly handled memory. A
local attacker could use this issue to cause Whoopsie to consume memory,
resulting in a denial of service. (CVE-2020-11937)

Seong-Joong Kim discovered that Whoopsie incorrectly handled parsing files.
A local attacker could use this issue to cause Whoopsie to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2020-12135)

Seong-Joong Kim discovered that Whoopsie incorrectly handled memory. A
local attacker could use this issue to cause Whoopsie to consume memory,
resulting in a denial of service. (CVE-2020-15570)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
20.04 focal libwhoopsie0 –  0.2.69ubuntu0.1
whoopsie –  0.2.69ubuntu0.1
18.04 bionic libwhoopsie0 –  0.2.62ubuntu0.5
whoopsie –  0.2.62ubuntu0.5
16.04 xenial libwhoopsie0 –  0.2.52.5ubuntu0.5
whoopsie –  0.2.52.5ubuntu0.5

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›