UbuntuUpdates.org

Package "apport"

Name: apport

Description:

automatically generate crash reports for debugging

Latest version: 2.20.11-0ubuntu27.21
Release: focal (20.04)
Level: security
Repository: main
Homepage: https://wiki.ubuntu.com/Apport

Links


Download "apport"


Other versions of "apport" in Focal

Repository Area Version
base universe 2.20.11-0ubuntu27
base main 2.20.11-0ubuntu27
security universe 2.20.11-0ubuntu27.21
updates main 2.20.11-0ubuntu27.21
updates universe 2.20.11-0ubuntu27.21

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.20.11-0ubuntu27.21 2021-10-25 12:06:23 UTC

  apport (2.20.11-0ubuntu27.21) focal-security; urgency=medium

  * SECURITY UPDATE: Privilege escalation via core files
    - refactor privilege dropping and create core files in a well-known
      directory in apport/fileutils.py, apport/report.py, data/apport,
      test/test_fileutils.py, test/test_report.py,
      test/test_signal_crashes.py, test/test_ui.py.
    - use systemd-tmpfiles to create and manage the well-known core file
      directory in setup.py, data/systemd/apport.conf,
      debian/apport.install.

 -- Marc Deslauriers <email address hidden> Mon, 18 Oct 2021 07:48:31 -0400

Source diff to previous version

Version: 2.20.11-0ubuntu27.20 2021-09-14 13:06:20 UTC

  apport (2.20.11-0ubuntu27.20) focal-security; urgency=medium

  * SECURITY UPDATE: Arbitrary file read (LP: #1934308)
    - data/general-hooks/ubuntu.py: don't attempt to include emacs
      byte-compilation logs, they haven't been generated by the emacs
      packages in a long time.
    - CVE-2021-3709
  * SECURITY UPDATE: Info disclosure via path traversal (LP: #1933832)
    - apport/hookutils.py, test/test_hookutils.py: detect path traversal
      attacks, and directory symlinks.
    - CVE-2021-3710

 -- Marc Deslauriers <email address hidden> Thu, 26 Aug 2021 10:30:01 -0400

Source diff to previous version
CVE-2021-3709 RESERVED
CVE-2021-3710 RESERVED

Version: 2.20.11-0ubuntu27.18 2021-05-25 18:06:32 UTC

  apport (2.20.11-0ubuntu27.18) focal-security; urgency=medium

  * SECURITY UPDATE: Multiple arbitrary file reads (LP: #1917904)
    - apport/hookutils.py: don't follow symlinks and make sure the file
      isn't a FIFO in read_file().
    - test/test_hookutils.py: added symlink tests.
    - CVE-2021-32547, CVE-2021-32548, CVE-2021-32549, CVE-2021-32550,
      CVE-2021-32551, CVE-2021-32552, CVE-2021-32553, CVE-2021-32554,
      CVE-2021-32555
  * SECURITY UPDATE: info disclosure via modified config files spoofing
    (LP: #1917904)
    - backends/packaging-apt-dpkg.py: properly terminate arguments in
      get_modified_conffiles.
    - CVE-2021-32556
  * SECURITY UPDATE: arbitrary file write (LP: #1917904)
    - data/whoopsie-upload-all: don't follow symlinks and make sure the
      file isn't a FIFO in process_report().
    - CVE-2021-32557

 -- Marc Deslauriers <email address hidden> Tue, 18 May 2021 09:15:10 -0400

Source diff to previous version
CVE-2021-32547 RESERVED
CVE-2021-32548 RESERVED
CVE-2021-32549 RESERVED
CVE-2021-32550 RESERVED
CVE-2021-32551 RESERVED
CVE-2021-32552 RESERVED
CVE-2021-32553 RESERVED
CVE-2021-32554 RESERVED
CVE-2021-32555 RESERVED
CVE-2021-32556 RESERVED
CVE-2021-32557 RESERVED

Version: 2.20.11-0ubuntu27.16 2021-02-02 19:06:56 UTC

  apport (2.20.11-0ubuntu27.16) focal-security; urgency=medium

  * SECURITY UPDATE: multiple security issues (LP: #1912326)
    - CVE-2021-25682: error parsing /proc/pid/status
    - CVE-2021-25683: error parsing /proc/pid/stat
    - CVE-2021-25684: stuck reading fifo
    - data/apport: make sure existing report is a regular file.
    - apport/fileutils.py: move some logic here to skip over manipulated
      process names and filenames.
    - test/test_fileutils.py: added some parsing tests.

 -- Marc Deslauriers <email address hidden> Tue, 26 Jan 2021 07:21:46 -0500

Source diff to previous version
CVE-2021-25682 RESERVED
CVE-2021-25683 RESERVED
CVE-2021-25684 RESERVED

Version: 2.20.11-0ubuntu27.12 2020-11-12 16:07:42 UTC

  apport (2.20.11-0ubuntu27.12) focal-security; urgency=medium

  * Various security hardening fixes (LP: #1903332)
    - apport/fileutils.py: drop privileges in the correct order, limit
      settings file size.
    - apport/apport/report.py: properly drop privileges, limit ignore file
      size.
    - data/apport: drop supplemental groups.

 -- Marc Deslauriers <email address hidden> Tue, 10 Nov 2020 15:03:57 -0500

1903332 Apport get_config incorrectly drops privileges



About   -   Send Feedback to @ubuntu_updates