UbuntuUpdates.org

Package "apport"

Name: apport

Description:

automatically generate crash reports for debugging

Latest version: 2.20.11-0ubuntu8.8
Release: eoan (19.10)
Level: updates
Repository: main
Homepage: https://wiki.ubuntu.com/Apport

Links

Save this URL for the latest version of "apport": https://www.ubuntuupdates.org/apport


Download "apport"


Other versions of "apport" in Eoan

Repository Area Version
base universe 2.20.11-0ubuntu8
base main 2.20.11-0ubuntu8
security main 2.20.11-0ubuntu8.8
security universe 2.20.11-0ubuntu8.8
updates universe 2.20.11-0ubuntu8.8

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.20.11-0ubuntu8.8 2020-04-02 05:06:34 UTC

  apport (2.20.11-0ubuntu8.8) eoan-security; urgency=medium

  * SECURITY UPDATE: World writable root owned lock file created in user
    controllable location (LP: #1862348)
    - data/apport: Change location of lock file to be directly under
      /var/run so that regular users can not directly access it or perform
      symlink attacks.
    - CVE-2020-8831
  * SECURITY UPDATE: Race condition between report creation and ownership
    (LP: #1862933)
    - data/apport: When setting owner of report file use a file-descriptor
      to the report file instead of its path name to ensure that users can
      not cause Apport to change the ownership of other files via a
      symlink attack.
    - CVE-2020-8833

 -- Alex Murray <email address hidden> Wed, 25 Mar 2020 11:40:00 +1030

Source diff to previous version
1862348 Apport lock file root privilege escalation
1862933 Apport crash report \u0026 cron script TOCTTOU
CVE-2020-8831 RESERVED
CVE-2020-8833 RESERVED

Version: 2.20.11-0ubuntu8.7 2020-03-26 11:07:26 UTC

  apport (2.20.11-0ubuntu8.7) eoan; urgency=medium

  * apport/ui.py: Always allow users to use ubuntu-bug or apport-collect
    regardless of the Problem Reporting setting as they are manually invoked
    and not automatically generated like a crash report. (LP: #1814611)

 -- Brian Murray <email address hidden> Wed, 18 Mar 2020 15:21:14 -0700

Source diff to previous version
1814611 turning off \

Version: 2.20.11-0ubuntu8.6 2020-03-18 03:06:32 UTC

  apport (2.20.11-0ubuntu8.6) eoan-security; urgency=medium

  * SECURITY REGRESSION: 'module' object has no attribute 'O_PATH'
    (LP: #1851806)
    - apport/report.py, apport/ui.py: use file descriptors for /proc/pid
      directory access only when running under python 3; prevent reading /proc
      maps under python 2 as it does not provide a secure way to do so; use
      io.open for better compatibility between python 2 and 3.
  * data/apport: fix number of arguments passed through socks into a container.
  * test/test_report.py: test login session with both pid and proc_pid_fd.

 -- Tiago Stürmer Daitx <email address hidden> Thu, 27 Feb 2020 03:18:45 +0000

Source diff to previous version
1851806 'module' object has no attribute 'O_PATH'

Version: 2.20.11-0ubuntu8.5 2020-03-02 11:06:18 UTC

  apport (2.20.11-0ubuntu8.5) eoan; urgency=medium

  * data/whoopsie-upload-all: append to the crash report using fdopen and open
    from os to cope with protected_regular being set to 1. (LP: #1848064)

  [ Michael Hudson-Doyle ]
  * Fix autopkgtest failures since recent security update: (LP: #1854237)
    - Fix regression in creating report for crashing setuid process by getting
      kernel to tell us the executable path rather than reading
      /proc/[pid]/exe.
    - Fix deletion of partially written core files.
    - Fix test_get_logind_session to use new API.
    - Restore add_proc_info raising ValueError for a dead process.
    - Delete test_lock_symlink, no longer applicable now that the lock is
      created in a directory only root can write to.

 -- Brian Murray <email address hidden> Mon, 24 Feb 2020 09:38:55 -0800

Source diff to previous version
1848064 /usr/share/apport/whoopsie-upload-all:PermissionError:/usr/share/apport/whoopsie-upload-all@168:collect_info:process_report
1854237 autopkgtests fail after security fixes

Version: 2.20.11-0ubuntu8.4 2020-02-17 21:06:43 UTC

  apport (2.20.11-0ubuntu8.4) eoan; urgency=medium

  * Create additional symlinks to the source_linux.py apport package hook for
    many OEM kernels. Thanks to You-Sheng Yang for the patch. (LP: #1847967)

1847967 oem kernel packages treated differently from generic kernel ones



About   -   Send Feedback to @ubuntu_updates