[ubuntu/bionic-updates] apport 2.20.9-0ubuntu7.14 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Apr 2 02:59:08 UTC 2020
apport (2.20.9-0ubuntu7.14) bionic-security; urgency=medium
* SECURITY UPDATE: World writable root owned lock file created in user
controllable location (LP: #1862348)
- data/apport: Change location of lock file to be directly under
/var/run so that regular users can not directly access it or perform
symlink attacks.
- CVE-2020-8831
* SECURITY UPDATE: Race condition between report creation and ownership
(LP: #1862933)
- data/apport: When setting owner of report file use a file-descriptor
to the report file instead of its path name to ensure that users can
not cause Apport to change the ownership of other files via a
symlink attack.
- CVE-2020-8833
Date: 2020-03-27 07:10:20.736198+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
Maintainer: Martin Pitt <martin.pitt at ubuntu.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/apport/2.20.9-0ubuntu7.14
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list