apport 2.20.11-0ubuntu8.1 source package in Ubuntu

Changelog

apport (2.20.11-0ubuntu8.1) eoan-security; urgency=medium

  * SECURITY UPDATE: apport reads arbitrary files if ~/.config/apport/settings
    is a symlink (LP: #1830862)
    - apport/fileutils.py: drop permissions before reading user settings file.
    - CVE-2019-11481
  * SECURITY UPDATE: TOCTTOU race conditions and following symbolic
    links when creating a core file (LP: #1839413)
    - data/apport: use file descriptor to reference to cwd instead
      of strings.
    - CVE-2019-11482
  * SECURITY UPDATE: fully user controllable lock file due to lock file
    being located in world-writable directory (LP: #1839415)
    - data/apport: create and use lock file from /var/lock/apport.
    - CVE-2019-11485
  * SECURITY UPDATE: per-process user controllable Apport socket file
    (LP: #1839420)
    - data/apport: forward crashes only under a valid uid and gid,
      thanks Stéphane Graber for the patch.
    - CVE-2019-11483
  * SECURITY UPDATE: PID recycling enables an unprivileged user to
    generate and read a crash report for a privileged process (LP: #1839795)
    - data/apport: drop permissions before adding proc info (special thanks
      to Kevin Backhouse for the patch)
    - data/apport, apport/report.py, apport/ui.py: only access or open
      /proc/[pid] through a file descriptor for that directory.
    - CVE-2019-15790

 -- Tiago Stürmer Daitx <email address hidden>  Tue, 29 Oct 2019 05:23:08 +0000

Upload details

Uploaded by: Tiago Stürmer Daitx
Sponsored by: Alex Murray
Uploaded to: Eoan
Original maintainer: Ubuntu Developers
Architectures: all
Section: utils
Urgency: Medium Urgency

Builds

Eoan: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
apport_2.20.11-0ubuntu8.1.tar.gz 1.3 MiB 509dda2856711512b245445a85de19629d12ea68caae72ba9d65a8af79b18596
apport_2.20.11-0ubuntu8.1.dsc 2.5 KiB c8552dd3ab5a5a9f6950d97c6d4fec8796234a9bed86f16cef48ebe95b8eff51

Binary packages built by this source

apport
apport-gtk
apport-kde
apport-noui
apport-retrace
apport-valgrind
dh-apport
python-apport
python-problem-report
python3-apport
python3-problem-report