UbuntuUpdates.org

Package "dh-apport"

Name: dh-apport

Description:

debhelper extension for the apport crash report system
Latest version: 2.20.11-0ubuntu82.4
Release: jammy (22.04)
Level: security
Repository: universe
Head package: apport
Homepage: https://wiki.ubuntu.com/Apport

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "dh-apport"

All arch deb package
APT INSTALL

Other versions of "dh-apport" in Jammy

Repository Area Version
base universe 2.20.11-0ubuntu82
updates universe 2.20.11-0ubuntu82.6

Changelog

Version: 2.20.11-0ubuntu82.4 2023-04-13 22:07:21 UTC

  apport (2.20.11-0ubuntu82.4) jammy-security; urgency=medium

  * SECURITY UPDATE: viewing an apport-cli crash with default pager could
    escalate privilege (LP: #2016023)
    - apport/fileutils.py: Add get_process_environ()
    - apport/ui.py, apport/user_group.py, bin/apport-cli: drops privilege to
      users environment before execution
    - test/test_fileutils.py, test/test_ui.py, test/test_user/group.py: Add
      test cases for new code
    - CVE-2023-1326

 -- Benjamin Drung <email address hidden> Wed, 12 Apr 2023 19:00:36 +0200
Source diff to previous version
CVE-2023-1326 RESERVED

Version: 2.20.11-0ubuntu82.1 2022-05-17 18:06:30 UTC

  apport (2.20.11-0ubuntu82.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Fix multiple security issues
    - data/apport: Fix too many arguments for error_log().
    - data/apport: Use proper argument variable name executable_path.
    - etc/init.d/apport: Set core_pipe_limit to a non-zero value to make
      sure the kernel waits for apport to finish before removing the /proc
      information.
    - apport/fileutils.py, data/apport: Search for executable name if one
      wan't provided such as when being called in a container.
    - data/apport: Limit memory and duration of gdbus call. (CVE-2022-28654,
      CVE-2022-28656)
    - data/apport, apport/fileutils.py, test/test_fileutils.py: Validate
      D-Bus socket location. (CVE-2022-28655)
    - apport/fileutils.py, test/test_fileutils.py: Turn off interpolation
      in get_config() to prevent DoS attacks. (CVE-2022-28652)
    - Refactor duplicate code into search_map() function.
    - Switch from chroot to container to validating socket owner.
      (CVE-2022-1242, CVE-2022-28657)
    - data/apport: Clarify error message.
    - apport/fileutils.py: Fix typo in comment.
    - apport/fileutils.py: Do not call str in loop.
    - data/apport, etc/init.d/apport: Switch to using non-positional
      arguments. Get real UID and GID from the kernel and make sure they
      match the process. Also fix executable name space handling in
      argument parsing. (CVE-2022-28658, CVE-2021-3899)

 -- Marc Deslauriers <email address hidden> Tue, 10 May 2022 09:23:35 -0400
CVE-2022-28654 RESERVED
CVE-2022-28656 RESERVED
CVE-2022-28655 RESERVED
CVE-2022-28652 RESERVED
CVE-2022-1242 RESERVED
CVE-2022-28657 RESERVED
CVE-2022-28658 RESERVED
CVE-2021-3899 RESERVED


About   -   Send Feedback to @ubuntu_updates