[ubuntu/eoan-security] apport 2.20.11-0ubuntu8.8 (Accepted)
Alex Murray
alex.murray at canonical.com
Thu Apr 2 00:43:46 UTC 2020
apport (2.20.11-0ubuntu8.8) eoan-security; urgency=medium
* SECURITY UPDATE: World writable root owned lock file created in user
controllable location (LP: #1862348)
- data/apport: Change location of lock file to be directly under
/var/run so that regular users can not directly access it or perform
symlink attacks.
- CVE-2020-8831
* SECURITY UPDATE: Race condition between report creation and ownership
(LP: #1862933)
- data/apport: When setting owner of report file use a file-descriptor
to the report file instead of its path name to ensure that users can
not cause Apport to change the ownership of other files via a
symlink attack.
- CVE-2020-8833
apport (2.20.11-0ubuntu8.7) eoan; urgency=medium
* apport/ui.py: Always allow users to use ubuntu-bug or apport-collect
regardless of the Problem Reporting setting as they are manually invoked
and not automatically generated like a crash report. (LP: #1814611)
Date: 2020-03-27 07:00:23.506481+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/apport/2.20.11-0ubuntu8.8
-------------- next part --------------
Sorry, changesfile not available.
More information about the Eoan-changes
mailing list