[ubuntu/vivid-proposed] apport 2.17.1-0ubuntu1 (Accepted)
Martin Pitt
martin.pitt at ubuntu.com
Tue Apr 14 14:31:25 UTC 2015
apport (2.17.1-0ubuntu1) vivid; urgency=medium
* New upstream bug fix release:
- SECURITY UPDATE: Fix root privilege escalation through crash forwarding
to containers.
Version 2.13 introduced forwarding a crash to a container's apport. By
crafting a specific file system structure, entering it as a namespace
("container"), and crashing something in it, a local user could access
arbitrary files on the host system with root privileges.
Thanks to Stéphane Graber for discovering and fixing this!
(CVE-2015-1318, LP: #1438758)
- apport-kde tests: Fix imports to make tests work again.
- Fix UnicodeDecodeError on parsing non-ASCII environment variables.
- apport: use the proper pid when calling apport in another PID namespace.
Thanks Brian Murray. (LP: #1300235)
Date: Tue, 14 Apr 2015 09:10:17 -0500
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
https://launchpad.net/ubuntu/+source/apport/2.17.1-0ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 14 Apr 2015 09:10:17 -0500
Source: apport
Binary: apport python-problem-report python3-problem-report python-apport python3-apport apport-retrace apport-valgrind apport-gtk apport-kde dh-apport apport-noui
Architecture: source
Version: 2.17.1-0ubuntu1
Distribution: vivid
Urgency: medium
Maintainer: Martin Pitt <martin.pitt at ubuntu.com>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
apport - automatically generate crash reports for debugging
apport-gtk - GTK+ frontend for the apport crash report system
apport-kde - KDE frontend for the apport crash report system
apport-noui - tools for automatically reporting Apport crash reports
apport-retrace - tools for reprocessing Apport crash reports
apport-valgrind - valgrind wrapper that first downloads debug symbols
dh-apport - debhelper extension for the apport crash report system
python-apport - Python library for Apport crash report handling
python-problem-report - Python library to handle problem reports
python3-apport - Python 3 library for Apport crash report handling
python3-problem-report - Python 3 library to handle problem reports
Launchpad-Bugs-Fixed: 1300235 1438758
Changes:
apport (2.17.1-0ubuntu1) vivid; urgency=medium
.
* New upstream bug fix release:
- SECURITY UPDATE: Fix root privilege escalation through crash forwarding
to containers.
Version 2.13 introduced forwarding a crash to a container's apport. By
crafting a specific file system structure, entering it as a namespace
("container"), and crashing something in it, a local user could access
arbitrary files on the host system with root privileges.
Thanks to Stéphane Graber for discovering and fixing this!
(CVE-2015-1318, LP: #1438758)
- apport-kde tests: Fix imports to make tests work again.
- Fix UnicodeDecodeError on parsing non-ASCII environment variables.
- apport: use the proper pid when calling apport in another PID namespace.
Thanks Brian Murray. (LP: #1300235)
Checksums-Sha1:
40d47501b4615e213bad78570d30daca645317b7 2888 apport_2.17.1-0ubuntu1.dsc
64e912eb96d0f7faccbbd82039a1201f631ecc46 1296051 apport_2.17.1.orig.tar.gz
cbe751e09f54df4e380a2aa0f9ec187b2a6b3e0d 143791 apport_2.17.1-0ubuntu1.diff.gz
Checksums-Sha256:
9f7f2ce6619122eec3d074708471d1437d93a3cee5f2834ef3c4f7f86de060f5 2888 apport_2.17.1-0ubuntu1.dsc
6b16e3e3aca655b4e49524eddf494911bd474e109e9fdf954fee3cf98eb49cd0 1296051 apport_2.17.1.orig.tar.gz
dede42a97f1def55dfbb1a9bf7e1c6cfbc2e4e2b7922d5fc418205215f571946 143791 apport_2.17.1-0ubuntu1.diff.gz
Files:
b3531e3648713528a3d4d8d6836b0a5d 2888 utils optional apport_2.17.1-0ubuntu1.dsc
163cbe8cf0f9f340fd75662fcee8a8a4 1296051 utils optional apport_2.17.1.orig.tar.gz
f22c699ff6b8d24bb6bcb74d52921623 143791 utils optional apport_2.17.1-0ubuntu1.diff.gz
More information about the Vivid-changes
mailing list