Main Vulnerability Database SB2019110507

SB2019110507 - Ubuntu update for Whoopsie

Published: November 5, 2019

Security Bulletin ID SB2019110507

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Integer overflow (CVE-ID: CVE-2019-11484)

The vulnerability allows a local user to read arbitrary files on the server.

The vulnerability exists due to integer overflow in bson_ensure_space() function in lib/bson/bson.c that is used as a bundled library in whoopsie. A local user can trigger integer overflow and read contents of an arbitrary file on the server.

Remediation

Install update from vendor's website.

References

https://usn.ubuntu.com/4170-1/
https://bugs.launchpad.net/ubuntu/%2Bsource/whoopsie/%2Bbug/1830865
https://usn.ubuntu.com/4170-3/
https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1830865