apport 2.14.1-0ubuntu3.15 source package in Ubuntu

Changelog

apport (2.14.1-0ubuntu3.15) trusty-security; urgency=medium

  [ Martin Pitt ]
  * SECURITY FIX: kernel_crashdump: Enforce that the log/dmesg files are not a
    symlink.
    This prevents normal users from pre-creating a symlink to the predictable
    .crash file, and thus triggering a "fill up disk" DoS attack when the
    .crash report tries to include itself. Also clean up the code to make this
    easier to read: Drop the "vmcore_root" alias, move the vmcore and
    vmcore.log cleanup into the "no kdump" section, and replace the buggy
    os.walk() loop with a glob to only catch direct timestamp subdirectories
    of /var/crash/.
    Thanks to halfdog for discovering this!
    (CVE-2015-1338, part of LP #1492570)
  * SECURITY FIX: Fix all writers of report files to open the report file
    exclusively.
    Fix package_hook, kernel_crashdump, and similar hooks to fail if the
    report already exists. This prevents privilege escalation through symlink
    attacks. Note that this will also prevent overwriting previous reports
    with the same same. Thanks to halfdog for discovering this!
    (CVE-2015-1338, LP: #1492570)

  [ Marc Deslauriers ]
  * This package does _not_ contain the changes from 2.14.1-0ubuntu3.14 in
    trusty-proposed.

 -- Marc Deslauriers <email address hidden>  Wed, 23 Sep 2015 11:28:26 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2015-09-23
Uploaded to:
Trusty
Original maintainer:
Martin Pitt
Architectures:
all
Section:
utils
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Trusty: [FULLYBUILT] i386

Downloads

File Size SHA-256 Checksum
apport_2.14.1.orig.tar.gz 1.2 MiB 2a9705542c062983471143a43f144c68109656a32428da2fc4579014f6670e65
apport_2.14.1-0ubuntu3.15.diff.gz 149.7 KiB ea8f813f6b27c3a5b71723939f66f12990b03cf8e839e52d55b9ea8ced2fbeb4
apport_2.14.1-0ubuntu3.15.dsc 2.8 KiB 8e60bc736874b3bb475732f3f5fe9c5a1e15594a5254f5fafdb8e7a883347166

View changes file

Binary packages built by this source

apport: automatically generate crash reports for debugging

 apport automatically collects data from crashed processes and
 compiles a problem report in /var/crash/. This utilizes the crashdump
 helper hook provided by the Ubuntu kernel.
 .
 This package also provides a command line frontend for browsing and
 handling the crash reports. For desktops, you should consider
 installing the GTK+ or Qt user interface (apport-gtk or apport-kde).

apport-gtk: GTK+ frontend for the apport crash report system

 apport automatically collects data from crashed processes and
 compiles a problem report in /var/crash/. This utilizes the crashdump
 helper hook provided by the Ubuntu kernel.
 .
 This package provides a GTK+ frontend for browsing and handling the
 crash reports.

apport-kde: KDE frontend for the apport crash report system

 apport automatically collects data from crashed processes and
 compiles a problem report in /var/crash/. This utilizes the crashdump
 helper hook provided by the Ubuntu kernel.
 .
 This package provides a KDE frontend for browsing and handling the
 crash reports.

apport-noui: tools for automatically reporting Apport crash reports

 apport automatically collects data from crashed processes and
 compiles a problem report in /var/crash/. This utilizes the crashdump
 helper hook provided by the Ubuntu kernel.
 .
 Installing this package will configure your system to automatically submit
 all new Apport crash reports.

apport-retrace: tools for reprocessing Apport crash reports

 apport-retrace recombines an Apport crash report (either a file or a
 Launchpad bug) and debug symbol packages (.ddebs) into fully symbolic
 stack traces. This can optionally use a sandbox for installing debug symbol
 packages and doing the processing, so that entire process of retracing crashes
 can happen with normal user privileges without changing the system.
 .
 You need to install gdb-multiarch if you want to be able to retrace crash
 reports which happened on a different architecture than the one you run
 apport-retrace on.

apport-valgrind: valgrind wrapper that first downloads debug symbols

 apport-valgrind is a valgrind wrapper that automatically downloads related
 available debug symbols and provides them to valgrind's memcheck tool, which
 is executed. The output is a valgrind log file ("valgrind.log") that contains
 stack traces (with as many symbols resolved as available) and that shows
 memory leaks.

dh-apport: debhelper extension for the apport crash report system

 apport automatically collects data from crashed processes and
 compiles a problem report in /var/crash/. This utilizes the crashdump
 helper hook provided by the Ubuntu kernel.
 .
 This package provides a debhelper extension to make it easier for other
 packages to include apport hooks.

python-apport: Python library for Apport crash report handling

 This Python package provides high-level functions for creating and
 handling apport crash reports:
 .
  * Query available and new reports.
  * Add OS, packaging, and process runtime information to a report.
  * Various frontend utility functions.
  * Python hook to generate crash reports when Python scripts fail.

python-problem-report: Python library to handle problem reports

 This Python library provides an interface for creating, modifying,
 and accessing standardized problem reports for program and kernel
 crashes and packaging bugs.
 .
 These problem reports use standard Debian control format syntax
 (RFC822).

python3-apport: Python 3 library for Apport crash report handling

 This Python package provides high-level functions for creating and
 handling apport crash reports:
 .
  * Query available and new reports.
  * Add OS, packaging, and process runtime information to a report.
  * Various frontend utility functions.
  * Python hook to generate crash reports when Python scripts fail.

python3-problem-report: Python 3 library to handle problem reports

 This Python library provides an interface for creating, modifying,
 and accessing standardized problem reports for program and kernel
 crashes and packaging bugs.
 .
 These problem reports use standard Debian control format syntax
 (RFC822).