[ubuntu/bionic-proposed] apport 2.20.8-0ubuntu1 (Accepted)

Brian Murray brian at ubuntu.com
Wed Nov 15 21:14:13 UTC 2017


apport (2.20.8-0ubuntu1) bionic; urgency=medium

   * New upstream release:
     - SECURITY UPDATE: Denial of service via resource exhaustion and
       privilege escalation when handling crashes of tainted processes.
     - When /proc/sys/fs/suid_dumpable is set to 2, do not assume that
       the user and group owning the /proc/<PID>/stat file is the same
       owner and group that started the process. Rather check the dump
       mode of the crashed process and do not write a core file if its
       value is 2. Thanks to Sander Bos for discovering this issue!
       (CVE-2017-14177, LP: #1726372)
     - SECURITY UPDATE: Denial of service via resource exhaustion,
       privilege escalation, and possible container escape when handling
       crashes of processes inside PID namespaces.
     - Change the method for determining if a crash is from a container
       so that there are no false positives from software using PID
       namespaces. Additionally, disable container crash forwarding by
       ignoring crashes that occur in a PID namespace. This functionality
       may be re-enabled in a future update. Thanks to Sander Bos for
       discovering this issue!
       (CVE-2017-14180, LP: #1726372)
   * apport/hookutils.py: modify package_versions to return an empty string if
     packages is empty. (LP: #1723822)

Date: Wed, 15 Nov 2017 12:44:24 -0800
Changed-By: Brian Murray <brian at ubuntu.com>
Maintainer: Martin Pitt <martin.pitt at ubuntu.com>
https://launchpad.net/ubuntu/+source/apport/2.20.8-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 15 Nov 2017 12:44:24 -0800
Source: apport
Binary: apport python-problem-report python3-problem-report python-apport python3-apport apport-retrace apport-valgrind apport-gtk apport-kde dh-apport apport-noui
Architecture: source
Version: 2.20.8-0ubuntu1
Distribution: bionic
Urgency: medium
Maintainer: Martin Pitt <martin.pitt at ubuntu.com>
Changed-By: Brian Murray <brian at ubuntu.com>
Description:
 apport     - automatically generate crash reports for debugging
 apport-gtk - GTK+ frontend for the apport crash report system
 apport-kde - KDE frontend for the apport crash report system
 apport-noui - tools for automatically reporting Apport crash reports
 apport-retrace - tools for reprocessing Apport crash reports
 apport-valgrind - valgrind wrapper that first downloads debug symbols
 dh-apport  - debhelper extension for the apport crash report system
 python-apport - Python library for Apport crash report handling
 python-problem-report - Python library to handle problem reports
 python3-apport - Python 3 library for Apport crash report handling
 python3-problem-report - Python 3 library to handle problem reports
Launchpad-Bugs-Fixed: 1723822 1726372

-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAloMpz0ACgkQDTAwc5ER+zWFVQCgqScyHE/HFncaKdOTckd+8PWf
LTIAnReLrY75aOu1LusjwWTVgbbHF/yl
=T3ca
-----END PGP SIGNATURE-----

