[ubuntu/wily-proposed] apport 2.17.3-0ubuntu1 (Accepted)
Martin Pitt
martin.pitt at ubuntu.com
Thu May 21 17:03:12 UTC 2015
apport (2.17.3-0ubuntu1) wily; urgency=medium
* New upstream release:
- SECURITY UPDATE: When /proc/sys/fs/suid_dumpable is enabled, crashing a
program that is suid root or not readable for the user would create
root-owned core files in the current directory of that program. Creating
specially crafted core files in /etc/logrotate.d or similar could then
lead to arbitrary code execution with root privileges.
Now core files do not get written for these kinds of programs, in
accordance with the intention of core(5).
Thanks to Sander Bos for discovering this issue!
(CVE-2015-1324, LP: #1452239)
- SECURITY UPDATE: When writing a core dump file for a crashed packaged
program, don't close and reopen the .crash report file but just rewind
and re-read it. This prevents the user from modifying the .crash report
file while "apport" is running to inject data and creating crafted core
dump files. In conjunction with the above vulnerability of writing core
dump files to arbitrary directories this could be exploited to gain root
privileges.
Thanks to Philip Pettersson for discovering this issue!
(CVE-2015-1325, LP: #1453900)
- apportcheckresume: Fix "occured" typo, thanks Matthew Paul Thomas.
(LP: #1448636)
- signal_crashes test: Fix test_crash_setuid_* to look at whether
suid_dumpable was enabled.
- test/run: Run UI tests under dbus-launch, newer GTK versions require this
now.
Date: Wed, 20 May 2015 16:58:35 +0200
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
https://launchpad.net/ubuntu/+source/apport/2.17.3-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 20 May 2015 16:58:35 +0200
Source: apport
Binary: apport python-problem-report python3-problem-report python-apport python3-apport apport-retrace apport-valgrind apport-gtk apport-kde dh-apport apport-noui
Architecture: source
Version: 2.17.3-0ubuntu1
Distribution: wily
Urgency: medium
Maintainer: Martin Pitt <martin.pitt at ubuntu.com>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
apport - automatically generate crash reports for debugging
apport-gtk - GTK+ frontend for the apport crash report system
apport-kde - KDE frontend for the apport crash report system
apport-noui - tools for automatically reporting Apport crash reports
apport-retrace - tools for reprocessing Apport crash reports
apport-valgrind - valgrind wrapper that first downloads debug symbols
dh-apport - debhelper extension for the apport crash report system
python-apport - Python library for Apport crash report handling
python-problem-report - Python library to handle problem reports
python3-apport - Python 3 library for Apport crash report handling
python3-problem-report - Python 3 library to handle problem reports
Launchpad-Bugs-Fixed: 1448636 1452239 1453900
Changes:
apport (2.17.3-0ubuntu1) wily; urgency=medium
.
* New upstream release:
- SECURITY UPDATE: When /proc/sys/fs/suid_dumpable is enabled, crashing a
program that is suid root or not readable for the user would create
root-owned core files in the current directory of that program. Creating
specially crafted core files in /etc/logrotate.d or similar could then
lead to arbitrary code execution with root privileges.
Now core files do not get written for these kinds of programs, in
accordance with the intention of core(5).
Thanks to Sander Bos for discovering this issue!
(CVE-2015-1324, LP: #1452239)
- SECURITY UPDATE: When writing a core dump file for a crashed packaged
program, don't close and reopen the .crash report file but just rewind
and re-read it. This prevents the user from modifying the .crash report
file while "apport" is running to inject data and creating crafted core
dump files. In conjunction with the above vulnerability of writing core
dump files to arbitrary directories this could be exploited to gain root
privileges.
Thanks to Philip Pettersson for discovering this issue!
(CVE-2015-1325, LP: #1453900)
- apportcheckresume: Fix "occured" typo, thanks Matthew Paul Thomas.
(LP: #1448636)
- signal_crashes test: Fix test_crash_setuid_* to look at whether
suid_dumpable was enabled.
- test/run: Run UI tests under dbus-launch, newer GTK versions require this
now.
Checksums-Sha1:
705957794e0212391725efbab632aa84ed858dc2 2887 apport_2.17.3-0ubuntu1.dsc
4c85523fb7cfee2b5879d25f10f0039b6ad696e2 1305402 apport_2.17.3.orig.tar.gz
892065f1b8e7bd59832842866ce3bbee74947f17 145044 apport_2.17.3-0ubuntu1.diff.gz
Checksums-Sha256:
c5fd102c179997e558aeca3dda39e9e1e3448586b12e14c35b4e28b268200e4c 2887 apport_2.17.3-0ubuntu1.dsc
4ea043d3d8c80429b0afca6d97ddfe0a5d35587c6a8288166e9e6c150adb35af 1305402 apport_2.17.3.orig.tar.gz
b482e5eba2ae8c25082987ba86e63cc23fc0f0c92820c1a21a5804a7b6b0cb88 145044 apport_2.17.3-0ubuntu1.diff.gz
Files:
aa9d660ba6cf4fb9d6966c7340c06b88 2887 utils optional apport_2.17.3-0ubuntu1.dsc
d1b135246b93e56f94de54de0d9cbfe2 1305402 utils optional apport_2.17.3.orig.tar.gz
6ed03f52f6dfcc1c5101146a1e343a54 145044 utils optional apport_2.17.3-0ubuntu1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJVXKEuAAoJENFO8V2v4RNHXOQP/3+OEZxErWF5dQpvBSLJkvJc
uAlrLkcjOAqMcDyeJye+IMGh9bYhFV87JNvcSgKr+oCzItNmxaamRtpV5uFWA9Be
JmVJ8zyU+I6tVZByrQ+lPt+/gAdJ9c96qeotFKBpoQy+1zLuTgOOY20jWgVhlM6B
jbfWVo8CpyMrXtjIbGtbtwz/V8S7WBkpIgXL76HaE+7mBvvwZ90TbKLYkuN+mnz7
CCP6OpLvmpPJT4YR0vqCSvimgm7jGbd8L7tK2vgCF1mbIVH3hWzSBFZSi1y5Uijf
HVZuzj8HOCyNREABYqEsI5+fn+UBR3gt7xzKJs/3Uate8Rs2ZAFvnJNSRa7eogdC
D23THM7gAm8g21C8fK2UgPfc/EtgcODLvXC7zVbXAzjNpvzaA/LaAKuWV93L8Ilu
1UpIuhEINjCvKFUIzdOEOK/CVwyf534ia9mdW6a6M1ajR72o/21YlTE+OMaR5JHj
UqlDlmlnfpAcBISfzrFwYMV8nBN+eeEjWWQFq/HJ26xb/FPZRsbslHb015hli6XZ
dI6DgPfVS3lDqPAKQzF3Tds0jY2lyJv8+IWx/BO8WOfMvwAee880NufjZAZLVQPk
bXZLC25fa0VSQCvvm+Qan3o79ejUfABET18R4zeZbtYhOdR5ooVaEUJI3HABcbdK
YNnEQUaXRJrbCItbNVwH
=3DWc
-----END PGP SIGNATURE-----
More information about the Wily-changes
mailing list