USN-768-1: Apport vulnerability | Ubuntu security notices

29 April 2009

Apport vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 9.04
Ubuntu 8.10
Ubuntu 8.04 LTS

Software Description

apport

Details

Stephane Chazelas discovered that Apport did not safely remove files from its crash report directory. If Apport had been enabled at some point, a local attacker could remove arbitrary files from the system.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.04: apport - 1.0-0ubuntu5.2
Ubuntu 8.10: apport - 0.119.2
Ubuntu 8.04 LTS: apport - 0.108.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.

References

CVE-2009-1295