[ubuntu/xenial-security] apport 2.20.1-0ubuntu2.19 (Accepted)

Alex Murray alex.murray at canonical.com
Tue Jul 9 00:03:01 UTC 2019


apport (2.20.1-0ubuntu2.19) xenial-security; urgency=medium

  * SECURITY UPDATE: TOCTOU issue allows local user to read arbitrary
    files (LP: #1830858)
    - apport/report.py: Avoid TOCTOU issue on users ignore file by
      dropping privileges and then opening the file both test for access and
      open the file in a single operation, instead of using access() before
      reading the file which could be abused by a symlink to cause Apport to
      read and embed an arbitrary file in the resulting crash dump.
    - CVE-2019-7307

Date: 2019-07-04 06:07:14.079469+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
Maintainer: Martin Pitt <martin.pitt at ubuntu.com>
https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.19
-------------- next part --------------
Sorry, changesfile not available.


More information about the Xenial-changes mailing list