Linux News Today: Canonical Fixes Vulnerability in Apport for All Ubuntu Systems
An Apport vulnerability has been found and fixed in Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. A fresh patch has been made available in the Ubuntu repos.
Apport is the application that is used to automatically generate crash reports for debugging. If you even saw what a crash looked like in Ubuntu, then you’ve already seen and used Apport. The trouble is that Apport could have been made to crash or to overwrite files as an administrator, and that cannot be a good thing, as you can imagine.
“Halfdog discovered that Apport incorrectly handled kernel crash dump files. A local attacker could use this issue to cause a denial of service, or possibly elevate privileges. The default symlink protections for affected releases should reduce the vulnerability to a denial of service,” reads the security notice.
For a more detailed description of the problem, you can check Canonical’s security notification. Users should upgrade their Linux distribution in order to correct this issue. The vulnerability can be fixed if you upgrade your system(s) to the latest apport package specific to each distribution.
If you don’t want to use the Software Updater, you can open a terminal and enter the following commands (you will need to be root):
sudo apt-get update
sudo apt-get dist-upgrade
The updating process should be very short, if this is the only upgrade that you need to perform. You don’t need to reboot the system.