[ubuntu/bionic-updates] apport 2.20.9-0ubuntu7.7 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Jul 9 00:28:17 UTC 2019
apport (2.20.9-0ubuntu7.7) bionic-security; urgency=medium
* SECURITY UPDATE: TOCTOU issue allows local user to read arbitrary
files (LP: #1830858)
- apport/report.py: Avoid TOCTOU issue on users ignore file by
dropping privileges and then opening the file both test for access and
open the file in a single operation, instead of using access() before
reading the file which could be abused by a symlink to cause Apport to
read and embed an arbitrary file in the resulting crash dump.
- CVE-2019-7307
Date: 2019-07-04 07:15:12.862841+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
Maintainer: Martin Pitt <martin.pitt at ubuntu.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/apport/2.20.9-0ubuntu7.7
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list