lp:~ubuntu-core-dev/ubuntu/utopic/apport/ubuntu

Created by Martin Pitt on 2014-04-24 and last modified on 2015-05-21
Get this branch:
bzr branch lp:~ubuntu-core-dev/ubuntu/utopic/apport/ubuntu
Members of Ubuntu Core Development Team can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu Core Development Team
Status:
Development

Recent revisions

2375. By Martin Pitt on 2015-05-13

releasing package apport version 2.14.7-0ubuntu8.5

2374. By Martin Pitt on 2015-05-13

SECURITY UPDATE: When writing a core dump file for a crashed packaged
program, don't close and reopen the .crash report file but just rewind and
re-read it. This prevents the user from modifying the .crash report file
while "apport" is running to inject data and creating crafted core dump
files. In conjunction with the above vulnerability of writing core dump
files to arbitrary directories this could be exploited to gain root
privileges.
Thanks to Philip Pettersson for discovering this issue!
(CVE-2015-1325, LP: #1453900)

2373. By Martin Pitt on 2015-05-13

SECURITY UPDATE: When /proc/sys/fs/suid_dumpable is enabled, crashing a
program that is suid root or not readable for the user would create
root-owned core files in the current directory of that program. Creating
specially crafted core files in /etc/logrotate.d or similar could then
lead to arbitrary code execution with root privileges. Now core files do
not get written for these kinds of programs, in accordance with the
intention of core(5).
Thanks to Sander Bos for discovering this issue!
(CVE-2015-1324, LP: #1452239)

2372. By Martin Pitt on 2015-05-08

test_signal_crashes(): Drop hardcoded /tmp/ path in do_crash(),
test_nonwritable_cwd() uses a different dir.

2371. By Martin Pitt on 2015-05-08

releasing package apport version 2.14.7-0ubuntu8.4

2370. By Martin Pitt on 2015-05-08

* SECURITY UPDATE: insecure /proc/net/unix parsing (LP: #1444518)
  - data/apport: temporarily disable container support until it can be
    re-written in a secure manner.
  - CVE number pending

2369. By Martin Pitt on 2015-05-08

releasing package apport version 2.14.7-0ubuntu8.3

2368. By Martin Pitt on 2015-05-08

* SECURITY UPDATE: privilege escalation through namespaces and crafted
  chroot (LP: #1438345)
  - data/apport: If crash comes from a container, rather than
    chrooting into it, detect what LXC container it is and then use the
    attach_wait API call to execute apport in the container.
  - data/apport: Don't fail when encountering unicode characters.
    (Thanks to Martin Pitt)
  - test/test_signal_crashes.py: Test for the unicode fix.
    (Thanks to Martin Pitt)
  - CVE-2015-1318

2367. By Brian Murray on 2015-02-05

releasing package apport version 2.14.7-0ubuntu8.2

2366. By Brian Murray on 2015-02-05

apport/ui.py: Only provide a UI to hooks if the crash db will accept the
report. This avoids asking questions if the report is merely sent to
whoopsie for Ubuntu stable releases. (LP: #1084979)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.