USN-5122-1: Apport vulnerability

Publication date

25 October 2021

Overview

Apport could be made to create files as the administrator.


Packages

  • apport - automatically generate crash reports for debugging

Details

It was discovered that Apport could be tricked into writing core files as
root into arbitrary directories in certain scenarios. A local attacker
could possibly use this issue to escalate privileges. This update will
cause Apport to generate all core files in the /var/lib/apport/coredump
directory.

It was discovered that Apport could be tricked into writing core files as
root into arbitrary directories in certain scenarios. A local attacker
could possibly use this issue to escalate privileges. This update will
cause Apport to generate all core files in the /var/lib/apport/coredump
directory.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
21.10 impish python3-apport –  2.20.11-0ubuntu71
apport –  2.20.11-0ubuntu71
21.04 hirsute python3-apport –  2.20.11-0ubuntu65.4
apport –  2.20.11-0ubuntu65.4
20.04 focal python3-apport –  2.20.11-0ubuntu27.21
apport –  2.20.11-0ubuntu27.21
18.04 bionic python3-apport –  2.20.9-0ubuntu7.27
apport –  2.20.9-0ubuntu7.27

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›