[ubuntu/focal-proposed] apport 2.20.11-0ubuntu22 (Accepted)
Steve Langasek
steve.langasek at canonical.com
Fri Apr 3 00:10:07 UTC 2020
apport (2.20.11-0ubuntu22) focal; urgency=medium
* SECURITY UPDATE: World writable root owned lock file created in user
controllable location (LP: #1862348)
- data/apport: Change location of lock file to be directly under
/var/run so that regular users can not directly access it or perform
symlink attacks.
- CVE-2020-8831
* SECURITY UPDATE: Race condition between report creation and ownership
(LP: #1862933)
- data/apport: When setting owner of report file use a file-descriptor
to the report file instead of its path name to ensure that users can
not cause Apport to change the ownership of other files via a
symlink attack.
- CVE-2020-8833
Date: 2020-03-27 07:10:17.966136+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/apport/2.20.11-0ubuntu22
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list