UbuntuUpdates.org

Package "apport-retrace"

Name: apport-retrace

Description:

tools for reprocessing Apport crash reports

Latest version: 2.20.11-0ubuntu27.26
Release: focal (20.04)
Level: security
Repository: main
Head package: apport
Homepage: https://wiki.ubuntu.com/Apport

Links


Download "apport-retrace"


Other versions of "apport-retrace" in Focal

Repository Area Version
base main 2.20.11-0ubuntu27
updates main 2.20.11-0ubuntu27.27

Changelog

Version: 2.20.11-0ubuntu27.16 2021-02-02 19:06:56 UTC

  apport (2.20.11-0ubuntu27.16) focal-security; urgency=medium

  * SECURITY UPDATE: multiple security issues (LP: #1912326)
    - CVE-2021-25682: error parsing /proc/pid/status
    - CVE-2021-25683: error parsing /proc/pid/stat
    - CVE-2021-25684: stuck reading fifo
    - data/apport: make sure existing report is a regular file.
    - apport/fileutils.py: move some logic here to skip over manipulated
      process names and filenames.
    - test/test_fileutils.py: added some parsing tests.

 -- Marc Deslauriers <email address hidden> Tue, 26 Jan 2021 07:21:46 -0500

Source diff to previous version
CVE-2021-25682 RESERVED
CVE-2021-25683 RESERVED
CVE-2021-25684 RESERVED

Version: 2.20.11-0ubuntu27.12 2020-11-12 16:07:42 UTC

  apport (2.20.11-0ubuntu27.12) focal-security; urgency=medium

  * Various security hardening fixes (LP: #1903332)
    - apport/fileutils.py: drop privileges in the correct order, limit
      settings file size.
    - apport/apport/report.py: properly drop privileges, limit ignore file
      size.
    - data/apport: drop supplemental groups.

 -- Marc Deslauriers <email address hidden> Tue, 10 Nov 2020 15:03:57 -0500

Source diff to previous version
1903332 Apport get_config incorrectly drops privileges

Version: 2.20.11-0ubuntu27.6 2020-08-04 19:07:06 UTC

  apport (2.20.11-0ubuntu27.6) focal-security; urgency=medium

  * SECURITY UPDATE: information disclosure issue (LP: #1885633)
    - data/apport: also drop gid when checking if user session is closing.
    - CVE-2020-11936
  * SECURITY UPDATE: crash via malformed ignore file (LP: #1877023)
    - apport/report.py: don't crash on malformed mtime values.
    - CVE-2020-15701
  * SECURITY UPDATE: TOCTOU in core file location
    - data/apport: make sure the process hasn't been replaced after Apport
      has started.
    - CVE-2020-15702
  * apport/ui.py, test/test_ui.py: make sure a PID is specified when using
    --hanging (LP: #1876659)
  * WARNING: This package does _not_ contain the changes from
    2.20.11-0ubuntu27.5 in focal-proposed.

 -- Marc Deslauriers <email address hidden> Fri, 31 Jul 2020 09:10:30 -0400

1877023 Unhandled exception in check_ignored()
1876659 Unhandled exception in run_hang()
CVE-2020-11936 RESERVED
CVE-2020-15701 RESERVED
CVE-2020-15702 RESERVED



About   -   Send Feedback to @ubuntu_updates