[ubuntu/focal-security] apport 2.20.11-0ubuntu22 (Accepted)
Alex Murray
alex.murray at canonical.com
Thu Apr 2 00:43:42 UTC 2020
apport (2.20.11-0ubuntu22) focal; urgency=medium
* SECURITY UPDATE: World writable root owned lock file created in user
controllable location (LP: #1862348)
- data/apport: Change location of lock file to be directly under
/var/run so that regular users can not directly access it or perform
symlink attacks.
- CVE-2020-8831
* SECURITY UPDATE: Race condition between report creation and ownership
(LP: #1862933)
- data/apport: When setting owner of report file use a file-descriptor
to the report file instead of its path name to ensure that users can
not cause Apport to change the ownership of other files via a
symlink attack.
- CVE-2020-8833
Date: 2020-03-27 07:10:17.966136+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/apport/2.20.11-0ubuntu22
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list