apport 2.17.2-0ubuntu1.1 source package in Ubuntu

Changelog

apport (2.17.2-0ubuntu1.1) vivid-security; urgency=medium

  * SECURITY UPDATE: When /proc/sys/fs/suid_dumpable is enabled, crashing a
    program that is suid root or not readable for the user would create
    root-owned core files in the current directory of that program.  Creating
    specially crafted core files in /etc/logrotate.d or similar could then
    lead to arbitrary code execution with root privileges.  Now core files do
    not get written for these kinds of programs, in accordance with the
    intention of core(5).
    Thanks to Sander Bos for discovering this issue!
    (CVE-2015-1324, LP: #1452239)
  * SECURITY UPDATE: When writing a core dump file for a crashed packaged
    program, don't close and reopen the .crash report file but just rewind and
    re-read it. This prevents the user from modifying the .crash report file
    while "apport" is running to inject data and creating crafted core dump
    files. In conjunction with the above vulnerability of writing core dump
    files to arbitrary directories this could be exploited to gain root
    privileges.
    Thanks to Philip Pettersson for discovering this issue!
    (CVE-2015-1325, LP: #1453900)
  * test_signal_crashes(): Drop hardcoded /tmp/ path in do_crash(),
    test_nonwritable_cwd() uses a different dir.
  * signal_crashes test: Fix test_crash_setuid_* to look at whether
    suid_dumpable was enabled.
  * Disable KDE tests for the time being. apport-kde consistently crashes
    in PyQT5 since vivid (LP #1442512), don't block package migration on this.

 -- Martin Pitt <email address hidden>  Wed, 13 May 2015 11:42:59 +0200
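
The second changelog entry replaces a close-and-reopen of the .crash file with a rewind and re-read. The following is an added example, not apport's code, showing why the two differ when the file name is re-pointed in between. The file names, report content and the swap_file() helper are constructed for illustration, and modelling the interference as a replaced directory entry is an assumption.

```python
import os
import tempfile

def write_report(path, data):
    """Create the report with O_EXCL and keep the descriptor open."""
    fd = os.open(path, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o600)
    f = os.fdopen(fd, "r+b")
    f.write(data)
    f.flush()
    return f

def reread_by_path(f, path):
    """Close/reopen pattern: the second open() trusts whatever the name points to now."""
    f.close()
    with open(path, "rb") as g:
        return g.read()

def reread_by_fd(f):
    """Rewind/re-read pattern: stay on the file object that was written."""
    f.seek(0)
    return f.read()

def name_matches_fd(f, path):
    """Check: does the path still name the same inode as the open descriptor?"""
    a, b = os.fstat(f.fileno()), os.lstat(path)
    return (a.st_dev, a.st_ino) == (b.st_dev, b.st_ino)

def swap_file(path, data):
    """Constructed stand-in for another process replacing the directory entry."""
    os.unlink(path)
    with open(path, "wb") as g:
        g.write(data)

def demo():
    written, swapped = b"ProblemType: Crash\n", b"constructed replacement\n"
    with tempfile.TemporaryDirectory() as d:
        p1, p2 = os.path.join(d, "a.crash"), os.path.join(d, "b.crash")
        f1 = write_report(p1, written)
        swap_file(p1, swapped)
        by_path = reread_by_path(f1, p1)   # reads the replacement
        f2 = write_report(p2, written)
        swap_file(p2, swapped)
        same = name_matches_fd(f2, p2)     # the name now refers to a new inode
        by_fd = reread_by_fd(f2)           # reads what was written
        f2.close()
    return by_path, by_fd, same
```

The fstat/lstat comparison in name_matches_fd() is a check a privileged helper can make before trusting a path it wrote earlier.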

Upload details

Uploaded by: Martin Pitt
Sponsored by: Marc Deslauriers
Uploaded to: Vivid
Original maintainer: Martin Pitt
Architectures: all
Section: utils
Urgency: Medium Urgency

Builds

Vivid: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
apport_2.17.2.orig.tar.gz 1.2 MiB ccf58f686f5b313efa73b8a6c09cbf749a1a1cf168ea6c373235a6b7e9023852
apport_2.17.2-0ubuntu1.1.diff.gz 146.4 KiB 58c38fa0fff76b461ab1869172706674d664f3ebfa48ee01bfbed70a93984804
apport_2.17.2-0ubuntu1.1.dsc 2.8 KiB 1b3f8f7a49be816ecf94f3373a0f581cda9ff9ba05b823ae4d541cd3d7fabdc8

Binary packages built by this source

apport
apport-gtk
apport-kde
apport-noui
apport-retrace
apport-valgrind
dh-apport
python-apport
python-problem-report
python3-apport
python3-problem-report