apport 2.20.4-0ubuntu4.7 source package in Ubuntu
Changelog
apport (2.20.4-0ubuntu4.7) zesty-security; urgency=medium
* SECURITY UPDATE: Denial of service via resource exhaustion and
privilege escalation when handling crashes of tainted processes
(LP: #1726372)
- When /proc/sys/fs/suid_dumpable is set to 2, do not assume that
the user and group owning the /proc/<PID>/stat file is the same
user and group that started the process. Rather check the dump
mode of the crashed process and do not write a core file if its
value is 2. Thanks to Sander Bos for discovering this issue!
- CVE-2017-14177
* SECURITY UPDATE: Denial of service via resource exhaustion,
privilege escalation, and possible container escape when handling
crashes of processes inside PID namespaces (LP: #1726372)
- Change the method for determining if a crash is from a container
so that there are no false positives from software using PID
namespaces. Additionally, disable container crash forwarding by
ignoring crashes that occur in a PID namespace. This functionality
may be re-enabled in a future update. Thanks to Sander Bos for
discovering this issue!
- CVE-2017-14180
-- Brian Murray <email address hidden> Thu, 09 Nov 2017 15:36:32 -0800
Upload details
- Uploaded by:
- Brian Murray
- Sponsored by:
- Tyler Hicks
- Uploaded to:
- Zesty
- Original maintainer:
- Martin Pitt
- Architectures:
- all
- Section:
- utils
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| apport_2.20.4.orig.tar.gz | 1.1 MiB | 4836252a61184fbc6ee526032bb5334db216efcf4ac3069ff1a9ab4fa130b985 |
| apport_2.20.4-0ubuntu4.7.diff.gz | 156.3 KiB | 3e21306a7254c4c73db2e7e5a4c4fdd0eee85ae2dc5f48d9ad050a1cdedd27d9 |
| apport_2.20.4-0ubuntu4.7.dsc | 3.0 KiB | 2b316b83fa3b8a84a9c176006f159b7c1d31382bea827b8178c1d1af17100f1e |
Available diffs
Binary packages built by this source
- apport: No summary available for apport in ubuntu zesty.
No description available for apport in ubuntu zesty.
- apport-gtk: No summary available for apport-gtk in ubuntu zesty.
No description available for apport-gtk in ubuntu zesty.
- apport-kde: No summary available for apport-kde in ubuntu zesty.
No description available for apport-kde in ubuntu zesty.
- apport-noui: No summary available for apport-noui in ubuntu zesty.
No description available for apport-noui in ubuntu zesty.
- apport-retrace: No summary available for apport-retrace in ubuntu zesty.
No description available for apport-retrace in ubuntu zesty.
- apport-valgrind: No summary available for apport-valgrind in ubuntu zesty.
No description available for apport-valgrind in ubuntu zesty.
- dh-apport: No summary available for dh-apport in ubuntu zesty.
No description available for dh-apport in ubuntu zesty.
- python-apport: No summary available for python-apport in ubuntu zesty.
No description available for python-apport in ubuntu zesty.
- python-problem-report: No summary available for python-problem-report in ubuntu zesty.
No description available for python-
problem- report in ubuntu zesty.
- python3-apport: No summary available for python3-apport in ubuntu zesty.
No description available for python3-apport in ubuntu zesty.
- python3-problem-report: No summary available for python3-problem-report in ubuntu zesty.
No description available for python3-
problem- report in ubuntu zesty.
