Format: 1.8
Date: Tue, 29 Oct 2019 05:23:08 +0000
Source: apport
Binary: apport apport-gtk apport-kde apport-noui apport-retrace apport-valgrind dh-apport python-apport python-problem-report python3-apport python3-problem-report
Architecture: all amd64_translations
Version: 2.20.11-0ubuntu8.1
Distribution: eoan
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Tiago Stürmer Daitx
Description:
 apport - automatically generate crash reports for debugging
 apport-gtk - GTK+ frontend for the apport crash report system
 apport-kde - KDE frontend for the apport crash report system
 apport-noui - tools for automatically reporting Apport crash reports
 apport-retrace - tools for reprocessing Apport crash reports
 apport-valgrind - valgrind wrapper that first downloads debug symbols
 dh-apport - debhelper extension for the apport crash report system
 python-apport - Python library for Apport crash report handling
 python-problem-report - Python library to handle problem reports
 python3-apport - Python 3 library for Apport crash report handling
 python3-problem-report - Python 3 library to handle problem reports
Launchpad-Bugs-Fixed: 1830862 1839413 1839415 1839420 1839795
Changes:
 apport (2.20.11-0ubuntu8.1) eoan-security; urgency=medium
 .
   * SECURITY UPDATE: apport reads arbitrary files if
     ~/.config/apport/settings is a symlink (LP: #1830862)
     - apport/fileutils.py: drop permissions before reading user settings
       file.
     - CVE-2019-11481
   * SECURITY UPDATE: TOCTTOU race conditions and following symbolic
     links when creating a core file (LP: #1839413)
     - data/apport: use file descriptor to reference to cwd instead
       of strings.
     - CVE-2019-11482
   * SECURITY UPDATE: fully user controllable lock file due to lock file
     being located in world-writable directory (LP: #1839415)
     - data/apport: create and use lock file from /var/lock/apport.
     - CVE-2019-11485
   * SECURITY UPDATE: per-process user controllable Apport socket file
     (LP: #1839420)
     - data/apport: forward crashes only under a valid uid and gid,
       thanks Stéphane Graber for the patch.
     - CVE-2019-11483
   * SECURITY UPDATE: PID recycling enables an unprivileged user to
     generate and read a crash report for a privileged process
     (LP: #1839795)
     - data/apport: drop permissions before adding proc info (special
       thanks to Kevin Backhouse for the patch)
     - data/apport, apport/report.py, apport/ui.py: only access or open
       /proc/[pid] through a file descriptor for that directory.
     - CVE-2019-15790