Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28920
HistoryJan 02, 2013 - 12:00 a.m.

[USN-1668-1] Apport update

2013-01-0200:00:00
vulners.com
23
JSON

==========================================================================
Ubuntu Security Notice USN-1668-1
December 17, 2012

apport update

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS
  • Ubuntu 11.10
  • Ubuntu 10.04 LTS

Summary:

A hardening measure was added to apport.

Software Description:

  • apport: automatically generate crash reports for debugging

Details:

Dan Rosenberg discovered that an application running under an AppArmor
profile that allowed unconfined execution of apport-bug could escape
confinement by calling apport-bug with a crafted environment. While not a
vulnerability in apport itself, this update mitigates the issue by
sanitizing certain variables in the apport-bug shell script.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
apport 2.0.1-0ubuntu15.1

Ubuntu 11.10:
apport 1.23-0ubuntu4.1

Ubuntu 10.04 LTS:
apport 1.13.3-0ubuntu2.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1668-1
https://launchpad.net/bugs/1045986

Package Information:
https://launchpad.net/ubuntu/+source/apport/2.0.1-0ubuntu15.1
https://launchpad.net/ubuntu/+source/apport/1.23-0ubuntu4.1
https://launchpad.net/ubuntu/+source/apport/1.13.3-0ubuntu2.2

– ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

JSON