[ubuntu/bionic-security] apport 2.20.9-0ubuntu7.28 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue May 17 16:27:42 UTC 2022
apport (2.20.9-0ubuntu7.28) bionic-security; urgency=medium
* SECURITY UPDATE: Fix multiple security issues
- test/test_report.py: Fix flaky test.
- data/apport: Fix too many arguments for error_log().
- data/apport: Use proper argument variable name executable_path.
- etc/init.d/apport: Set core_pipe_limit to a non-zero value to make
sure the kernel waits for apport to finish before removing the /proc
information.
- apport/fileutils.py, data/apport: Search for executable name if one
wan't provided such as when being called in a container.
- data/apport: Limit memory and duration of gdbus call. (CVE-2022-28654,
CVE-2022-28656)
- data/apport, apport/fileutils.py, test/test_fileutils.py: Validate
D-Bus socket location. (CVE-2022-28655)
- apport/fileutils.py, test/test_fileutils.py: Turn off interpolation
in get_config() to prevent DoS attacks. (CVE-2022-28652)
- Refactor duplicate code into search_map() function.
- Switch from chroot to container to validating socket owner.
(CVE-2022-1242, CVE-2022-28657)
- data/apport: Clarify error message.
- apport/fileutils.py: Fix typo in comment.
- apport/fileutils.py: Do not call str in loop.
- data/apport, etc/init.d/apport: Switch to using non-positional
arguments. Get real UID and GID from the kernel and make sure they
match the process. Also fix executable name space handling in
argument parsing. (CVE-2022-28658, CVE-2021-3899)
- debian/apport.init: restore symbolic link to proper directory.
Date: 2022-05-11 15:17:09.840156+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Maintainer: Martin Pitt <martin at piware.de>
https://launchpad.net/ubuntu/+source/apport/2.20.9-0ubuntu7.28
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list