Monday, December 17, 2012

[USN-1668-1] Apport update

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJQz6vcAAoJEFHb3FjMVZVzzf4QALb91sxOtP4T1iuRGv4FhCqO
eqXS+q7Qt84eoT92Nfa2LoSdEFayIU4mQLvwQ2jMPEFJvUIXOnjw2Uu0lpaTmgtJ
VdW6TI57zuCGfNL7sj/Rg1q7baqr/AquV4HiAEBzlMIT6kv6vt846JEdGw5fnAqd
Pv1EfWplZf0vk3vYgll3HcHFVZZISJzaGHtWtvIdffEgsxgHJVHF3fTm50pAsgch
7H6xLbmKb2POkSjDmHurEkLNYFmTfZSnSJ8ZgFjNWx9+OVB3qPiipg7Z03CKgJ8+
RNjIWCqRr/Zw+CYTiPqYdkfGu5BqQ7zV/Waeyl7jbD7nX7QLgDuhVcvL33g+DJRa
HC/nh3LXECjusT73sKkVXgxOtukv+vYK5IskqWZif3ufWIA0aoS3XISspNKpvxEZ
Y8+YdneSIN4BLfkJehtIzHxdJ0Y8NSGXu8Aa46rCjgeW8OnXwCBREzWBanXKP/2h
Cu6fQE418W2wALCGRRCBGxHqc2DAMavwQTbjs587aCeRArRo3zofy52/oMfc8wHX
CvGYrUWg6MeGHqMyHmcnZOOJTXLLyh2d0iuFHz8F8HbkcYCG2yGKzUlWxlRMhn2J
LoJH3cXE8kJzXVLPoQQbXnP9ZlOBkk4wi9taSLs8n7T5U/4WYKlibl780/ETRphv
/GeY/G4Wa5l3MBWW56KN
=XdOm
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1668-1
December 17, 2012

apport update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS

Summary:

A hardening measure was added to apport.

Software Description:
- apport: automatically generate crash reports for debugging

Details:

Dan Rosenberg discovered that an application running under an AppArmor
profile that allowed unconfined execution of apport-bug could escape
confinement by calling apport-bug with a crafted environment. While not a
vulnerability in apport itself, this update mitigates the issue by
sanitizing certain variables in the apport-bug shell script.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
apport 2.0.1-0ubuntu15.1

Ubuntu 11.10:
apport 1.23-0ubuntu4.1

Ubuntu 10.04 LTS:
apport 1.13.3-0ubuntu2.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1668-1
https://launchpad.net/bugs/1045986

Package Information:
https://launchpad.net/ubuntu/+source/apport/2.0.1-0ubuntu15.1
https://launchpad.net/ubuntu/+source/apport/1.23-0ubuntu4.1
https://launchpad.net/ubuntu/+source/apport/1.13.3-0ubuntu2.2

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)