[ubuntu/wily-proposed] apport 2.19-0ubuntu1 (Accepted)

Martin Pitt martin.pitt at ubuntu.com
Tue Sep 29 15:16:52 UTC 2015


apport (2.19-0ubuntu1) wily; urgency=medium

  * New upstream release:
    - apport: Drop re-nicing. This might decrease the time a user has to wait
      for apport to finish the core dump for a crashed/hanging foreground
      process.  (See LP #1278780)
    - kernel_crashdump: Enforce that the log/dmesg files are not a symlink.
      This prevents normal users from pre-creating a symlink to the
      predictable .crash file, and thus triggering a "fill up disk" DoS attack
      when the .crash report tries to include itself. Thanks to halfdog for
      discovering this!  (CVE-2015-1338, part of LP #1492570)
    - SECURITY FIX: Fix all writers of report files (package_hook,
      kernel_crashdump, and similar) to open the report file exclusively,
      i.e. fail if they already exist. This prevents privilege escalation
      through symlink attacks. Note that this will also prevent overwriting
      previous reports with the same name. Thanks to halfdog for discovering
      this!  (CVE-2015-1338, LP: #1492570)
    - apport: Ignore process restarts from systemd's watchdog. Their traces
      are usually useless as they don't have any information about the actual
      reason why processes hang (like VM suspends or kernel lockups with bad
      hardware) (LP: #1433320)

Date: Thu, 24 Sep 2015 14:41:54 +0200
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
https://launchpad.net/ubuntu/+source/apport/2.19-0ubuntu1
-------------- next part --------------
Format: 1.8
Date: Thu, 24 Sep 2015 14:41:54 +0200
Source: apport
Binary: apport python-problem-report python3-problem-report python-apport python3-apport apport-retrace apport-valgrind apport-gtk apport-kde dh-apport apport-noui
Architecture: source
Version: 2.19-0ubuntu1
Distribution: wily
Urgency: medium
Maintainer: Martin Pitt <martin.pitt at ubuntu.com>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
 apport     - automatically generate crash reports for debugging
 apport-gtk - GTK+ frontend for the apport crash report system
 apport-kde - KDE frontend for the apport crash report system
 apport-noui - tools for automatically reporting Apport crash reports
 apport-retrace - tools for reprocessing Apport crash reports
 apport-valgrind - valgrind wrapper that first downloads debug symbols
 dh-apport  - debhelper extension for the apport crash report system
 python-apport - Python library for Apport crash report handling
 python-problem-report - Python library to handle problem reports
 python3-apport - Python 3 library for Apport crash report handling
 python3-problem-report - Python 3 library to handle problem reports
Launchpad-Bugs-Fixed: 1433320 1492570
Changes:
 apport (2.19-0ubuntu1) wily; urgency=medium
 .
   * New upstream release:
     - apport: Drop re-nicing. This might decrease the time a user has to wait
       for apport to finish the core dump for a crashed/hanging foreground
       process.  (See LP #1278780)
     - kernel_crashdump: Enforce that the log/dmesg files are not a symlink.
       This prevents normal users from pre-creating a symlink to the
       predictable .crash file, and thus triggering a "fill up disk" DoS attack
       when the .crash report tries to include itself. Thanks to halfdog for
       discovering this!  (CVE-2015-1338, part of LP #1492570)
     - SECURITY FIX: Fix all writers of report files (package_hook,
       kernel_crashdump, and similar) to open the report file exclusively,
       i.e. fail if they already exist. This prevents privilege escalation
       through symlink attacks. Note that this will also prevent overwriting
       previous reports with the same name. Thanks to halfdog for discovering
       this!  (CVE-2015-1338, LP: #1492570)
     - apport: Ignore process restarts from systemd's watchdog. Their traces
       are usually useless as they don't have any information about the actual
       reason why processes hang (like VM suspends or kernel lockups with bad
       hardware) (LP: #1433320)
Checksums-Sha1:
 866e05539b11e012d5c4154627cb7968a84684c3 2873 apport_2.19-0ubuntu1.dsc
 2d9cfc583cf128b2e262f22ea5f1fad19f52dfe6 1371751 apport_2.19.orig.tar.gz
 707bcfd3f485040123a95dc86792ac8cbabb6a92 147906 apport_2.19-0ubuntu1.diff.gz
Checksums-Sha256:
 e7e8f46f32c5c50a3a5f35a9cfce3753131071e8180fca689f13074693977b93 2873 apport_2.19-0ubuntu1.dsc
 e1b9d9d56318786a298e2e60c3063ce1e04d024de372a1d8cfda8fbc68132248 1371751 apport_2.19.orig.tar.gz
 e9c943dc1b074deb11aa5f81b04c321d74111fa29373e228c48d7c27a4bb812d 147906 apport_2.19-0ubuntu1.diff.gz
Files:
 db789b3b05d51c88a62e7bba7ec3eb20 2873 utils optional apport_2.19-0ubuntu1.dsc
 ebff5786e24c845f8c56ec265788584d 1371751 utils optional apport_2.19.orig.tar.gz
 2f5bef1af5cc857096f90c9bca7b34b8 147906 utils optional apport_2.19-0ubuntu1.diff.gz
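
The exclusive-open fix and the symlink check described in the changelog above, sketched as an added example (not apport's own code). Function names, file names and the use of O_NOFOLLOW for the log check are assumptions, and the scenario is constructed in a temporary directory.

```python
import os
import stat
import tempfile

def write_report_naive(path, data):
    # Pre-fix pattern: open() follows a symlink that already sits at `path`.
    with open(path, "wb") as f:
        f.write(data)

def write_report_exclusive(path, data):
    # O_CREAT|O_EXCL fails on any existing entry and never follows a symlink
    # (even a dangling one), so nothing pre-created is written through.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as f:
        f.write(data)

def read_log_no_symlink(path):
    # O_NOFOLLOW makes open() fail (ELOOP) if the final component is a symlink.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "rb") as f:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise OSError("not a regular file: " + path)
        return f.read()

def refused(func, *args):
    try:
        func(*args)
        return False
    except OSError:  # FileExistsError and ELOOP are both OSError
        return True

def demo():
    # Constructed scenario: `report` is a pre-created symlink to `target`.
    with tempfile.TemporaryDirectory() as d:
        target, report, fresh, log = (
            os.path.join(d, n) for n in ("target", "x.crash", "y.crash", "dmesg"))
        os.symlink(target, report)
        write_report_naive(report, b"report data")
        naive_wrote_through = os.path.exists(target)
        os.unlink(target)  # the link is dangling again
        write_report_exclusive(fresh, b"report data")
        os.symlink(fresh, log)
        return {
            "naive_wrote_through": naive_wrote_through,
            "exclusive_refused_symlink": refused(write_report_exclusive, report, b"x"),
            "target_untouched": not os.path.exists(target),
            "exclusive_refused_existing": refused(write_report_exclusive, fresh, b"x"),
            "log_symlink_refused": refused(read_log_no_symlink, log),
            "regular_log_read": read_log_no_symlink(fresh) == b"report data",
        }
```

The `exclusive_refused_existing` result is the side effect the changelog notes: a second report with the same name is rejected rather than overwritten.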

