Package "apport-retrace"
Name: |
apport-retrace
|
Description: |
tools for reprocessing Apport crash reports
|
Latest version: |
2.14.1-0ubuntu3.29 |
Release: |
trusty (14.04) |
Level: |
security |
Repository: |
main |
Head package: |
apport |
Homepage: |
https://wiki.ubuntu.com/Apport |
Links
Download "apport-retrace"
Other versions of "apport-retrace" in Trusty
Changelog
apport (2.14.1-0ubuntu3.18) trusty-security; urgency=medium
* test_backend_apt_dpkg.py: Reset internal apt caches between tests. Avoids
random test failures due to leaking paths from previous test cases.
* SECURITY FIX: When determining the path of a Python module for a program
like "python -m module_name", avoid actually importing and running the
module; this could lead to local root privilege escalation. Thanks to
Gabriel Campana for discovering this and the fix!
(CVE-2015-1341, LP: #1507480)
-- Martin Pitt Thu, 22 Oct 2015 15:15:37 +0200
|
Source diff to previous version |
|
apport (2.14.1-0ubuntu3.15) trusty-security; urgency=medium
[ Martin Pitt ]
* SECURITY FIX: kernel_crashdump: Enforce that the log/dmesg files are not a
symlink.
This prevents normal users from pre-creating a symlink to the predictable
.crash file, and thus triggering a "fill up disk" DoS attack when the
.crash report tries to include itself. Also clean up the code to make this
easier to read: Drop the "vmcore_root" alias, move the vmcore and
vmcore.log cleanup into the "no kdump" section, and replace the buggy
os.walk() loop with a glob to only catch direct timestamp subdirectories
of /var/crash/.
Thanks to halfdog for discovering this!
(CVE-2015-1338, part of LP #1492570)
* SECURITY FIX: Fix all writers of report files to open the report file
exclusively.
Fix package_hook, kernel_crashdump, and similar hooks to fail if the
report already exists. This prevents privilege escalation through symlink
attacks. Note that this will also prevent overwriting previous reports
with the same same. Thanks to halfdog for discovering this!
(CVE-2015-1338, LP: #1492570)
[ Marc Deslauriers ]
* This package does _not_ contain the changes from 2.14.1-0ubuntu3.14 in
trusty-proposed.
-- Marc Deslauriers Wed, 23 Sep 2015 11:28:26 -0400
|
Source diff to previous version |
|
apport (2.14.1-0ubuntu3.11) trusty-security; urgency=medium
* SECURITY UPDATE: When /proc/sys/fs/suid_dumpable is enabled, crashing a
program that is suid root or not readable for the user would create
root-owned core files in the current directory of that program. Creating
specially crafted core files in /etc/logrotate.d or similar could then
lead to arbitrary code execution with root privileges. Now core files do
not get written for these kinds of programs, in accordance with the
intention of core(5).
Thanks to Sander Bos for discovering this issue!
(CVE-2015-1324, LP: #1452239)
* SECURITY UPDATE: When writing a core dump file for a crashed packaged
program, don't close and reopen the .crash report file but just rewind and
re-read it. This prevents the user from modifying the .crash report file
while "apport" is running to inject data and creating crafted core dump
files. In conjunction with the above vulnerability of writing core dump
files to arbitrary directories this could be exploited to gain root
privileges.
Thanks to Philip Pettersson for discovering this issue!
(CVE-2015-1325, LP: #1453900)
* test_signal_crashes(): Drop hardcoded /tmp/ path in do_crash(),
test_nonwritable_cwd() uses a different dir.
-- Martin Pitt <email address hidden> Wed, 13 May 2015 11:53:18 +0200
|
Source diff to previous version |
1452239 |
root escalation with fs.suid_dumpable=2 |
1453900 |
root escalation via race condition |
|
apport (2.14.1-0ubuntu3.10) trusty-security; urgency=medium
* SECURITY UPDATE: insecure /proc/net/unix parsing (LP: #1444518)
- data/apport: temporarily disable container support until it can be
re-written in a secure manner.
- CVE number pending
-- Marc Deslauriers <email address hidden> Thu, 16 Apr 2015 07:56:02 -0400
|
Source diff to previous version |
1444518 |
Insecure /proc/net/unix parsing |
|
apport (2.14.1-0ubuntu3.9) trusty-security; urgency=medium
* SECURITY UPDATE: privilege escalation through namespaces and crafted
chroot (LP: #1438345)
- data/apport: If crash comes from a container, rather than
chrooting into it, detect what LXC container it is and then use the
attach_wait API call to execute apport in the container.
- data/apport: Don't fail when encountering unicode characters.
(Thanks to Martin Pitt)
- test/test_signal_crashes.py: Test for the unicode fix.
(Thanks to Martin Pitt)
- CVE-2015-1318
-- Stephane Graber <email address hidden> Wed, 08 Apr 2015 13:16:27 -0400
|
1438345 |
Getting invalid request when querying co-mounted cgroups |
|
About
-
Send Feedback to @ubuntu_updates