apport 2.0.1-0ubuntu17.10 source package in Ubuntu

Changelog

apport (2.0.1-0ubuntu17.10) precise-security; urgency=medium

  * SECURITY FIX: kernel_crashdump: Enforce that the log/dmesg files are not a
    symlink.
    This prevents normal users from pre-creating a symlink to the predictable
    .crash file, and thus triggering a "fill up disk" DoS attack when the
    .crash report tries to include itself. Thanks to halfdog for discovering
    this! (CVE-2015-1338, part of LP #1492570)
  * SECURITY FIX: Fix all writers of report files to open the report file
    exclusively.
    Fix package_hook, kernel_crashdump, and similar hooks to fail if the
    report already exists. This prevents privilege escalation through symlink
    attacks. Note that this will also prevent overwriting previous reports
    with the same same. Thanks to halfdog for discovering this!
    (CVE-2015-1338, LP: #1492570)
  * debian/tests/upstream-system: Change directory to /tmp, so that tests
    actually run against the installed package.

 -- Martin Pitt <email address hidden>  Mon, 21 Sep 2015 11:58:45 +0200

Upload details

Uploaded by:
Martin Pitt on 2015-09-22
Sponsored by:
Marc Deslauriers
Uploaded to:
Precise
Original maintainer:
Martin Pitt
Architectures:
all
Section:
utils
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Precise: [FULLYBUILT] i386

Downloads

File Size SHA-256 Checksum
apport_2.0.1.orig.tar.gz 650.8 KiB 2020aea997fa35fd72a99d55e228cbd5c0686a7904b61b492d44452f3679ff52
apport_2.0.1-0ubuntu17.10.diff.gz 137.5 KiB f1c97dc4fdea7bd940bc1b5109e295bb788fd29f051cf0f3f088424fd016d87b
apport_2.0.1-0ubuntu17.10.dsc 2.3 KiB abbd646ee0dcbfe1aaa2a0bf9a45f50184f218560445b4714a448d0483773f3d

View changes file

Binary packages built by this source

apport: automatically generate crash reports for debugging

 apport automatically collects data from crashed processes and
 compiles a problem report in /var/crash/. This utilizes the crashdump
 helper hook provided by the Ubuntu kernel.
 .
 This package also provides a command line frontend for browsing and
 handling the crash reports. For desktops, you should consider
 installing the GTK+ or Qt user interface (apport-gtk or apport-kde).

apport-gtk: GTK+ frontend for the apport crash report system

 apport automatically collects data from crashed processes and
 compiles a problem report in /var/crash/. This utilizes the crashdump
 helper hook provided by the Ubuntu kernel.
 .
 This package provides a GTK+ frontend for browsing and handling the
 crash reports.

apport-kde: KDE frontend for the apport crash report system

 apport automatically collects data from crashed processes and
 compiles a problem report in /var/crash/. This utilizes the crashdump
 helper hook provided by the Ubuntu kernel.
 .
 This package provides a KDE frontend for browsing and handling the
 crash reports.

apport-retrace: tools for reprocessing Apport crash reports

 apport-retrace recombines an Apport crash report (either a file or a
 Launchpad bug) and debug symbol packages (.ddebs) into fully symbolic
 stack traces. This can optionally use a sandbox for installing debug symbol
 packages and doing the processing, so that entire process of retracing crashes
 can happen with normal user privileges without changing the system.

dh-apport: debhelper extension for the apport crash report system

 apport automatically collects data from crashed processes and
 compiles a problem report in /var/crash/. This utilizes the crashdump
 helper hook provided by the Ubuntu kernel.
 .
 This package provides a debhelper extension to make it easier for other
 packages to include apport hooks.

python-apport: apport crash report handling library

 This Python package provides high-level functions for creating and
 handling apport crash reports:
 .
  * Query available and new reports.
  * Add OS, packaging, and process runtime information to a report.
  * Various frontend utility functions.
  * Python hook to generate crash reports when Python scripts fail.

python-problem-report: Python library to handle problem reports

 This Python library provides an interface for creating, modifying,
 and accessing standardized problem reports for program and kernel
 crashes and packaging bugs.
 .
 These problem reports use standard Debian control format syntax
 (RFC822).