apport 2.17.2-0ubuntu1.1 source package in Ubuntu
Changelog
apport (2.17.2-0ubuntu1.1) vivid-security; urgency=medium

  * SECURITY UPDATE: When /proc/sys/fs/suid_dumpable is enabled, crashing a program that is suid root or not readable for the user would create root-owned core files in the current directory of that program. Creating specially crafted core files in /etc/logrotate.d or similar could then lead to arbitrary code execution with root privileges. Now core files do not get written for these kinds of programs, in accordance with the intention of core(5). Thanks to Sander Bos for discovering this issue! (CVE-2015-1324, LP: #1452239)
  * SECURITY UPDATE: When writing a core dump file for a crashed packaged program, don't close and reopen the .crash report file but just rewind and re-read it. This prevents the user from modifying the .crash report file while "apport" is running to inject data and creating crafted core dump files. In conjunction with the above vulnerability of writing core dump files to arbitrary directories this could be exploited to gain root privileges. Thanks to Philip Pettersson for discovering this issue! (CVE-2015-1325, LP: #1453900)
  * test_signal_crashes(): Drop hardcoded /tmp/ path in do_crash(), test_nonwritable_cwd() uses a different dir.
  * signal_crashes test: Fix test_crash_setuid_* to look at whether suid_dumpable was enabled.
  * Disable KDE tests for the time being. apport-kde consistently crashes in PyQT5 since vivid (LP #1442512), don't block package migration on this.

 -- Martin Pitt <email address hidden>  Wed, 13 May 2015 11:42:59 +0200

Upload details
- Uploaded by: Martin Pitt
- Sponsored by: Marc Deslauriers
- Uploaded to: Vivid
- Original maintainer: Martin Pitt
- Architectures: all
- Section: utils
- Urgency: Medium Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
apport_2.17.2.orig.tar.gz | 1.2 MiB | ccf58f686f5b313efa73b8a6c09cbf749a1a1cf168ea6c373235a6b7e9023852 |
apport_2.17.2-0ubuntu1.1.diff.gz | 146.4 KiB | 58c38fa0fff76b461ab1869172706674d664f3ebfa48ee01bfbed70a93984804 |
apport_2.17.2-0ubuntu1.1.dsc | 2.8 KiB | 1b3f8f7a49be816ecf94f3373a0f581cda9ff9ba05b823ae4d541cd3d7fabdc8 |
Binary packages built by this source
- apport
- apport-gtk
- apport-kde
- apport-noui
- apport-retrace
- apport-valgrind
- dh-apport
- python-apport
- python-problem-report
- python3-apport
- python3-problem-report