Package "apport-retrace"
Name: |
apport-retrace
|
Description: |
tools for reprocessing Apport crash reports
|
Latest version: |
2.0.1-0ubuntu17.16 |
Release: |
precise (12.04) |
Level: |
updates |
Repository: |
main |
Head package: |
apport |
Homepage: |
https://wiki.ubuntu.com/Apport |
Links
Download "apport-retrace"
Other versions of "apport-retrace" in Precise
Changelog
apport (2.0.1-0ubuntu17.9) precise-security; urgency=medium
* SECURITY UPDATE: When /proc/sys/fs/suid_dumpable is enabled, crashing a
program that is suid root or not readable for the user would create
root-owned core files in the current directory of that program. Creating
specially crafted core files in /etc/logrotate.d or similar could then
lead to arbitrary code execution with root privileges. Now core files do
not get written for these kinds of programs, in accordance with the
intention of core(5).
Thanks to Sander Bos for discovering this issue!
(CVE-2015-1324, LP: #1452239)
* Add test case to ensure that users cannot inject arbitrary core dump file
contents (CVE-2015-1325). This version is not affected, but having the
test will ensure that backported changes don't introduce this
vulnerability. (LP: #1453900)
* test_signal_crashes(): Drop hardcoded /tmp/ path in do_crash(),
test_nonwritable_cwd() uses a different dir.
-- Martin Pitt <email address hidden> Wed, 13 May 2015 13:58:17 +0200
|
Source diff to previous version |
1452239 |
root escalation with fs.suid_dumpable=2 |
1453900 |
root escalation via race condition |
|
apport (2.0.1-0ubuntu17.8) precise-proposed; urgency=medium
[ Martin Pitt ]
* report.py, add_gdb_info(): Check for truncated core dumps, and set
UnreportableReason and raise an IOError on them. Handle this in
apport-retrace and whoopsie-upload-all to fail properly instead of
silently producing broken Stacktraces. (LP: #1354571)
-- Brian Murray <email address hidden> Tue, 28 Oct 2014 14:34:44 -0700
|
Source diff to previous version |
1354571 |
apport-retrace ignores warnings from gdb |
|
apport (2.0.1-0ubuntu17.7) precise; urgency=low
* fix up apport reporting for linux-lts-raring kernels (LP: #1352829)
- add links for linux-lts-trusty to the package to map those to
the source_linux.py hooks.
-- Andy Whitcroft <email address hidden> Wed, 06 Aug 2014 13:20:34 +0100
|
Source diff to previous version |
1352829 |
apport hook is not complete for filing bugs with ubuntu-bug linux on 12.04.5 |
|
apport (2.0.1-0ubuntu17.6) precise-security; urgency=low
* SECURITY UPDATE: incorrect permissions on setuid process core dumps
(LP: #1242435)
- use correct permissions when writing the core file in data/apport,
added test to test/test_signal_crashes.py.
- Thanks to Martin Pitt for the patch!
- CVE-2013-1067
-- Marc Deslauriers <email address hidden> Wed, 23 Oct 2013 13:04:37 -0400
|
Source diff to previous version |
|
apport (2.0.1-0ubuntu17.5) precise-proposed; urgency=low
* fix up apport reporting for linux-lts-raring kernels (LP: #1229611)
- generalise linux-meta* to linux* mapping so we do not have to add
each backport kernel explicitly.
- remove linux-lts-quantal hack which was introduced for when packages
were shipped via the x-swap PPA and so there was no real source
package in the archive.
- add links for linux-lts-raring to the package to map those to
the source_linux.py hooks.
- add links for linux-lts-saucy to the package to map those to
the source_linux.py hooks.
-- Andy Whitcroft <email address hidden> Tue, 24 Sep 2013 13:05:38 +0100
|
1229611 |
Apport package hooks might be incomplete, when file a bug against the kernel in 12.04.3, only Dependency.txt will be uploaded |
|
About
-
Send Feedback to @ubuntu_updates