{"id":58176,"date":"2024-07-12T18:30:19","date_gmt":"2024-07-12T15:30:19","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/179513\/USN-6894-1.txt"},"modified":"2024-07-12T18:30:19","modified_gmt":"2024-07-12T15:30:19","slug":"ubuntu-security-notice-usn-6894-1","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/ubuntu-security-notice-usn-6894-1\/","title":{"rendered":"Ubuntu Security Notice USN-6894-1"},"content":{"rendered":"<p>==========================================================================<br \/>Ubuntu Security Notice USN-6894-1<br \/>July 11, 2024<\/p>\n<p>apport vulnerabilities<br \/>==========================================================================<\/p>\n<p>A security issue affects these releases of Ubuntu and its derivatives:<\/p>\n<p>&#8211; Ubuntu 16.04 LTS<\/p>\n<p>Summary:<\/p>\n<p>Several security issues were fixed in Apport.<\/p>\n<p>Software Description:<br \/>&#8211; apport: automatically generate crash reports for debugging<\/p>\n<p>Details:<\/p>\n<p>Muqing Liu and neoni discovered that Apport incorrectly handled detecting<br \/>if an executable was replaced after a crash. A local attacker could<br \/>possibly use this issue to execute arbitrary code as the root user.<br \/>(CVE-2021-3899)<\/p>\n<p>Gerrit Venema discovered that Apport incorrectly handled connections to<br \/>Apport sockets inside containers. A local attacker could possibly use this<br \/>issue to connect to arbitrary sockets as the root user. (CVE-2022-1242)<\/p>\n<p>Gerrit Venema discovered that Apport incorrectly handled user settings<br \/>files. A local attacker could possibly use this issue to cause Apport to<br \/>consume resources, leading to a denial of service. (CVE-2022-28652)<\/p>\n<p>Gerrit Venema discovered that Apport did not limit the amount of logging<br \/>from D-Bus connections. A local attacker could possibly use this issue to<br \/>fill up the Apport log file, leading to a denial of service.<br \/>(CVE-2022-28654)<\/p>\n<p>Gerrit Venema discovered that Apport did not filter D-Bus connection<br \/>strings. A local attacker could possibly use this issue to cause Apport to<br \/>make arbitrary network connections. (CVE-2022-28655)<\/p>\n<p>Gerrit Venema discovered that Apport did not limit the amount of memory<br \/>being consumed during D-Bus connections. A local attacker could possibly<br \/>use this issue to cause Apport to consume memory, leading to a denial of<br \/>service. (CVE-2022-28656)<\/p>\n<p>Gerrit Venema discovered that Apport did not disable the python crash<br \/>handler before chrooting into a container. A local attacker could possibly<br \/>use this issue to execute arbitrary code. (CVE-2022-28657)<\/p>\n<p>Gerrit Venema discovered that Apport incorrectly handled filename argument<br \/>whitespace. A local attacker could possibly use this issue to spoof<br \/>arguments to the Apport daemon. (CVE-2022-28658)<\/p>\n<p>Update instructions:<\/p>\n<p>The problem can be corrected by updating your system to the following<br \/>package versions:<\/p>\n<p>Ubuntu 16.04 LTS<br \/>apport 2.20.1-0ubuntu2.30+esm4<br \/>Available with Ubuntu Pro<br \/>python-apport 2.20.1-0ubuntu2.30+esm4<br \/>Available with Ubuntu Pro<br \/>python3-apport 2.20.1-0ubuntu2.30+esm4<br \/>Available with Ubuntu Pro<\/p>\n<p>In general, a standard system update will make all the necessary changes.<\/p>\n<p>References:<br \/>https:\/\/ubuntu.com\/security\/notices\/USN-6894-1<br \/>https:\/\/ubuntu.com\/security\/notices\/USN-5427-1<br \/>CVE-2021-3899, CVE-2022-1242, CVE-2022-28652, CVE-2022-28654,<br \/>CVE-2022-28655, CVE-2022-28656, CVE-2022-28657, CVE-2022-28658<\/p>\n","protected":false},"excerpt":{"rendered":"<p>==========================================================================Ubuntu Security Notice USN-6894-1July 11, 2024 apport vulnerabilities========================================================================== A security issue affects these releases of Ubuntu and its derivatives: &#8211; Ubuntu 16.04 LTS Summary: Several security issues were fixed in Apport. Software Description:&#8211; apport: automatically generate crash reports for debugging Details: Muqing Liu and neoni discovered that Apport incorrectly handled detectingif an executable was replaced &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-58176","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58176","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=58176"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58176\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=58176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=58176"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=58176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}