apport 2.14.7-0ubuntu8.5 source package in Ubuntu

Changelog

apport (2.14.7-0ubuntu8.5) utopic-security; urgency=medium

  * SECURITY UPDATE: When /proc/sys/fs/suid_dumpable is enabled, crashing a
    program that is suid root or not readable for the user would create
    root-owned core files in the current directory of that program.  Creating
    specially crafted core files in /etc/logrotate.d or similar could then
    lead to arbitrary code execution with root privileges.  Now core files do
    not get written for these kinds of programs, in accordance with the
    intention of core(5).
    Thanks to Sander Bos for discovering this issue!
    (CVE-2015-1324, LP: #1452239)
  * SECURITY UPDATE: When writing a core dump file for a crashed packaged
    program, don't close and reopen the .crash report file but just rewind and
    re-read it. This prevents the user from modifying the .crash report file
    while "apport" is running to inject data and creating crafted core dump
    files. In conjunction with the above vulnerability of writing core dump
    files to arbitrary directories this could be exploited to gain root
    privileges.
    Thanks to Philip Pettersson for discovering this issue!
    (CVE-2015-1325, LP: #1453900)
  * test_signal_crashes(): Drop hardcoded /tmp/ path in do_crash(),
    test_nonwritable_cwd() uses a different dir.

 -- Martin Pitt <email address hidden>  Wed, 13 May 2015 11:59:03 +0200
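
The CVE-2015-1325 entry above replaces "close and reopen" with "rewind and re-read". The following is an added illustration of that difference, not apport's own code; the file names, sample contents and the `replace_at_path` helper are constructed, and it models only one kind of interference (the file at that path being replaced), on a POSIX system.

```python
import os
import tempfile

ORIGINAL = b"report written by the crash handler\n"      # constructed sample
SWAPPED = b"content substituted by another process\n"    # constructed sample


def replace_at_path(path):
    """Hypothetical stand-in for a local user re-pointing the report's name."""
    tmp = path + ".new"
    with open(tmp, "wb") as f:
        f.write(SWAPPED)
    os.replace(tmp, path)  # same name, different inode


def reread_by_reopen(path, interfere):
    """Close-and-reopen pattern: the second open() resolves the name again."""
    with open(path, "wb") as f:
        f.write(ORIGINAL)
    interfere(path)  # window between close and reopen
    with open(path, "rb") as f:
        return f.read()


def reread_by_rewind(path, interfere):
    """Rewind pattern: one descriptor, bound to the inode created here."""
    flags = os.O_RDWR | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    with os.fdopen(os.open(path, flags, 0o600), "r+b") as f:
        f.write(ORIGINAL)
        f.flush()
        interfere(path)  # the name changes, the open descriptor does not
        f.seek(0)
        return f.read()


def demo():
    with tempfile.TemporaryDirectory() as d:
        reopened = reread_by_reopen(os.path.join(d, "a.crash"), replace_at_path)
        rewound = reread_by_rewind(os.path.join(d, "b.crash"), replace_at_path)
    return reopened, rewound


if __name__ == "__main__":
    reopened, rewound = demo()
    print("reopen:", reopened)
    print("rewind:", rewound)
```

The reopened read returns whatever now sits at the path, while the rewound read returns the bytes the writer itself produced.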

Upload details

Uploaded by: Martin Pitt on 2015-05-15
Sponsored by: Marc Deslauriers
Uploaded to: Utopic
Original maintainer: Martin Pitt
Architectures: all
Section: utils
Urgency: Medium Urgency

Builds

Utopic: [FULLYBUILT] i386

Downloads

File Size SHA-256 Checksum
apport_2.14.7.orig.tar.gz 926.2 KiB c1fc62605042a53166293a9bce1c0aa3e039f9ebd32925e7f14dc771dd6220a8
apport_2.14.7-0ubuntu8.5.diff.gz 1015.4 KiB 4f9545ceccd5e09ff14ffbdae81114845780f72435fa619967fbbe3c678c4237
apport_2.14.7-0ubuntu8.5.dsc 2.8 KiB 85d5a55cf05275587cf93ededce9c67c4af3e90d61cf1dae3a19c482dda20315

Binary packages built by this source

No summary or description is available for any of these packages in ubuntu utopic.

apport
apport-gtk
apport-kde
apport-noui
apport-retrace
apport-valgrind
dh-apport
python-apport
python-problem-report
python3-apport
python3-problem-report