Format: 1.8 Date: Tue, 10 May 2022 09:23:35 -0400 Source: apport Binary: apport apport-gtk apport-kde apport-noui apport-retrace apport-valgrind dh-apport python3-apport python3-problem-report Architecture: all amd64_translations Version: 2.20.11-0ubuntu27.24 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apport - automatically generate crash reports for debugging apport-gtk - GTK+ frontend for the apport crash report system apport-kde - KDE frontend for the apport crash report system apport-noui - tools for automatically reporting Apport crash reports apport-retrace - tools for reprocessing Apport crash reports apport-valgrind - valgrind wrapper that first downloads debug symbols dh-apport - debhelper extension for the apport crash report system python3-apport - Python 3 library for Apport crash report handling python3-problem-report - Python 3 library to handle problem reports Changes: apport (2.20.11-0ubuntu27.24) focal-security; urgency=medium . * SECURITY UPDATE: Fix multiple security issues - test/test_report.py: Fix flaky test. - data/apport: Fix too many arguments for error_log(). - data/apport: Use proper argument variable name executable_path. - etc/init.d/apport: Set core_pipe_limit to a non-zero value to make sure the kernel waits for apport to finish before removing the /proc information. - apport/fileutils.py, data/apport: Search for executable name if one wan't provided such as when being called in a container. - data/apport: Limit memory and duration of gdbus call. (CVE-2022-28654, CVE-2022-28656) - data/apport, apport/fileutils.py, test/test_fileutils.py: Validate D-Bus socket location. (CVE-2022-28655) - apport/fileutils.py, test/test_fileutils.py: Turn off interpolation in get_config() to prevent DoS attacks. (CVE-2022-28652) - Refactor duplicate code into search_map() function. - Switch from chroot to container to validating socket owner. (CVE-2022-1242, CVE-2022-28657) - data/apport: Clarify error message. - apport/fileutils.py: Fix typo in comment. - apport/fileutils.py: Do not call str in loop. - data/apport, etc/init.d/apport: Switch to using non-positional arguments. Get real UID and GID from the kernel and make sure they match the process. Also fix executable name space handling in argument parsing. (CVE-2022-28658, CVE-2021-3899) Checksums-Sha1: 3ec8e7cd3558a69fac552fd165b21d2eb8b22f8d 9728 apport-gtk_2.20.11-0ubuntu27.24_all.deb 7c9a6bf76166419345d4d3b0d20beff812183499 17884 apport-kde_2.20.11-0ubuntu27.24_all.deb 8a4515ed2f84b64988aa2b881243869062244cde 1964 apport-noui_2.20.11-0ubuntu27.24_all.deb 2057dad0571515eb4de4f420dcbce06378cabc61 13096 apport-retrace_2.20.11-0ubuntu27.24_all.deb 4f37977fea77d81f94cfe652f1cffb1500902061 5176 apport-valgrind_2.20.11-0ubuntu27.24_all.deb 35b5fb3d5e6a1f1e627299045cd1f8ef85c76f42 129256 apport_2.20.11-0ubuntu27.24_all.deb 7561bc8c23f8aeb952888e10d9ef2b80d4e19e86 19490 apport_2.20.11-0ubuntu27.24_amd64.buildinfo 1ec76e806855e15159e5fb05a7ebb923380a28b9 1260364 apport_2.20.11-0ubuntu27.24_amd64_translations.tar.gz f55b711be1363283e81200a90f6b554d5cd9e45d 7256 dh-apport_2.20.11-0ubuntu27.24_all.deb a26b628eebf4ea9ba43a0921b34c0aea68b8806f 86360 python3-apport_2.20.11-0ubuntu27.24_all.deb 84d6d0aa8694ecf397534dd7a11d440bc695d882 10188 python3-problem-report_2.20.11-0ubuntu27.24_all.deb Checksums-Sha256: 90063e8cb7a1b699e0ffc62db8340bf6b6e646d7468a38af29aeb5695dc4baa2 9728 apport-gtk_2.20.11-0ubuntu27.24_all.deb 46af91d1507217dff98dbf1e17ccb673397d83306e490279e2560cefb3f34250 17884 apport-kde_2.20.11-0ubuntu27.24_all.deb 0c36a309315b7a15c6756ac847ba28251e3e194b80070371481ef2b6bdc326c7 1964 apport-noui_2.20.11-0ubuntu27.24_all.deb 66f70b5fb6d419fcee275b2d185ffbf3ea5db4ba8a4a1296c2e4bd26ff068082 13096 apport-retrace_2.20.11-0ubuntu27.24_all.deb 0b73fa7ddd004a7fad521a9efaff40a15521451b441586d016884d2b82d69e91 5176 apport-valgrind_2.20.11-0ubuntu27.24_all.deb 3142108c0422380da7aabe881b5bfbc5d8b4826e0dbabaa7df5d5fc2345f3914 129256 apport_2.20.11-0ubuntu27.24_all.deb c3080b6e490c0f5f85d28cc1993f74606fd2595662db9d69e1253f0fbf331362 19490 apport_2.20.11-0ubuntu27.24_amd64.buildinfo 78e98554f0ff755014f571907cbe7b5f8e510f80b6a8cd2690eff17b45081832 1260364 apport_2.20.11-0ubuntu27.24_amd64_translations.tar.gz a04817aceaa8082c3035c7c476644cb752d34253b1339c7fc2ee3c9da2a38a84 7256 dh-apport_2.20.11-0ubuntu27.24_all.deb 1e7e9c175d65d15d3d4dc2aa41bb8a9b9a5f27f69f5d73404b35256a200c9ccc 86360 python3-apport_2.20.11-0ubuntu27.24_all.deb 65971eb8296b42a9b1fddb6a3467f34483706d00d5298a6ca88f27f73c5caf8b 10188 python3-problem-report_2.20.11-0ubuntu27.24_all.deb Files: 66e7d6fcb9b0b9af74cb741265347008 9728 gnome optional apport-gtk_2.20.11-0ubuntu27.24_all.deb 1b632eb97e50e714650150dcd88f97bc 17884 kde optional apport-kde_2.20.11-0ubuntu27.24_all.deb 561124c882e767b85e3214e4b47cf753 1964 utils optional apport-noui_2.20.11-0ubuntu27.24_all.deb 5c3c1f47ee6b45aa5ef6da17a18af948 13096 devel optional apport-retrace_2.20.11-0ubuntu27.24_all.deb 77db13ae82dd5058970c716b83219d5f 5176 devel optional apport-valgrind_2.20.11-0ubuntu27.24_all.deb 2bac31f83f8a64df8c05dca506305487 129256 utils optional apport_2.20.11-0ubuntu27.24_all.deb bd27d6b09c08da9085d347cc0fdacb18 19490 utils optional apport_2.20.11-0ubuntu27.24_amd64.buildinfo c2145798da593efe908dcf73a92f5303 1260364 raw-translations - apport_2.20.11-0ubuntu27.24_amd64_translations.tar.gz 140fcd342b7cbef1e8d79704170052a4 7256 devel optional dh-apport_2.20.11-0ubuntu27.24_all.deb 9e7a31c21120af80bbca8e13b4584ea5 86360 python optional python3-apport_2.20.11-0ubuntu27.24_all.deb e6581e2253277017dc5eee677dbf5153 10188 python optional python3-problem-report_2.20.11-0ubuntu27.24_all.deb