News and announcements

Security bug fix version 1.1.1 released

Written for Apport by Martin Pitt on 2009-04-30

This release fixes a race condition in the cleanup cron job. It is not trivially exploitable, but still poses a practical threat. Please update to this version as soon as possible.

If you just need the patch for the vulnerability, you can apply http://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/1421 .

1.1.1 (2009-04-30)
------------------
Security fix:
- etc/cron.daily/apport: Only attempt to remove files and symlinks, do not
  descend into subdirectories of /var/crash/. Doing so might be exploited by a
  race condition between find traversing a huge directory tree, changing an
  existing subdir into a symlink to e. g. /etc/, and finally getting that piped
  to rm. This also changes the find command to not use GNU extensions. Thanks
  to Stephane Chazelas for discovering this! (LP #357024, CVE-2009-1295)

Bug fixes:
- launchpad.py: Send and read Date: field again, reverting r1128; it is useful
  after all. (LP #349139)
- Only add ProcAttrCurrent to reports if it is not "unconfined", to remove some
  noise from reports.
- Detect invalid PIDs in the UI (such as for kernel processes) and give a
  friendly error message instead of silently doing nothing. (LP #360608)
- Always run common hooks, and run source package hooks if we do not have a
  binary package name. (LP #350131)
- launchpad.py: Consider socket errors when connecting as transient, so
  that crash-digger doesn't stop completely on them.