diff -u apport-2.20.1/apport/ui.py apport-2.20.1/apport/ui.py --- apport-2.20.1/apport/ui.py +++ apport-2.20.1/apport/ui.py @@ -233,7 +233,8 @@ # and confusing to see at the next login. A crash happened and gets # reported in the same session if the logind session paths agree # and the session started before the report's "Date". - if logind_session and '_LogindSession' in self.report: + if logind_session and '_LogindSession' in self.report and \ + 'Date' in self.report: if logind_session[0] != self.report['_LogindSession'] or \ logind_session[1] > self.report.get_timestamp(): continue diff -u apport-2.20.1/data/apport apport-2.20.1/data/apport --- apport-2.20.1/data/apport +++ apport-2.20.1/data/apport @@ -419,19 +419,20 @@ sys.exit(0) sys.exit(0) - elif not is_same_ns(host_pid, "pid") and is_same_ns(host_pid, "mnt"): + elif not is_same_ns(host_pid, "mnt"): + error_log('host pid %s crashed in a separate mount namespace, ignoring' % host_pid) + sys.exit(0) + else: # If it doesn't look like the crash originated from within a - # full container, then take the global pid and replace the local - # pid with it, then move on to normal handling. + # full container or if the is_same_ns() function fails open (returning + # True), then take the global pid and replace the local pid with it, + # then move on to normal handling. # This bit is needed because some software like the chrome # sandbox will use container namespaces as a security measure but are # still otherwise host processes. When that's the case, we need to keep # handling those crashes locally using the global pid. sys.argv[1] = str(host_pid) - elif not is_same_ns(host_pid, "mnt"): - error_log('host pid %s crashed in a separate mount namespace, ignoring' % host_pid) - sys.exit(0) check_lock() diff -u apport-2.20.1/debian/changelog apport-2.20.1/debian/changelog --- apport-2.20.1/debian/changelog +++ apport-2.20.1/debian/changelog @@ -1,3 +1,25 @@ +apport (2.20.1-0ubuntu2.18) xenial-security; urgency=medium + + * data/apport: Properly handle crashes originating from a PID namespace. + (LP: #1746668) + - CVE-2018-6552 + + -- Brian Murray Thu, 10 May 2018 15:30:09 -0700 + +apport (2.20.1-0ubuntu2.17) xenial; urgency=medium + + * apport/ui.py: Ensure the Date field exists in a report before using it in + a comparison. (LP: #1658188) + + -- Brian Murray Fri, 20 Apr 2018 14:39:15 -0700 + +apport (2.20.1-0ubuntu2.16) xenial; urgency=medium + + * data/general-hooks/generic.py: Only include JournalErrors for apport-crash + reports which are private by default. (LP: #1738581) + + -- Brian Murray Fri, 30 Mar 2018 09:53:05 -0700 + apport (2.20.1-0ubuntu2.15) xenial-security; urgency=medium * REGRESSION UPDATE: Fix regression that caused a Traceback in the only in patch2: unchanged: --- apport-2.20.1.orig/data/general-hooks/generic.py +++ apport-2.20.1/data/general-hooks/generic.py @@ -87,9 +87,10 @@ report['UnreportableReason'] = 'The package installation resulted in a segmentation fault which is better reported as a crash report rather than a package install failure.' # log warnings/errors - if os.path.exists('/run/systemd/system'): - report['JournalErrors'] = apport.hookutils.command_output( - ['journalctl', '-b', '--priority=warning', '--lines=1000']) + if report['ProblemType'] == 'Crash': + if os.path.exists('/run/systemd/system'): + report['JournalErrors'] = apport.hookutils.command_output( + ['journalctl', '-b', '--priority=warning', '--lines=1000']) if __name__ == '__main__': r = {}