UbuntuUpdates.org

Package "apport-gtk"

Name: apport-gtk

Description:

GTK+ frontend for the apport crash report system

Latest version: 2.14.1-0ubuntu3.29
Release: trusty (14.04)
Level: updates
Repository: main
Head package: apport
Homepage: https://wiki.ubuntu.com/Apport

Links


Download "apport-gtk"


Other versions of "apport-gtk" in Trusty

Repository Area Version
base main 2.14.1-0ubuntu3
security main 2.14.1-0ubuntu3.29

Changelog

Version: 2.14.1-0ubuntu3.29 2018-06-04 19:07:08 UTC

  apport (2.14.1-0ubuntu3.29) trusty-security; urgency=medium

  * data/apport: Properly handle crashes originating from a PID namespace.
    (LP: #1746668)
    - Thanks to Sander Bos for discovering this issue.
    - CVE-2018-6552

 -- Marc Deslauriers <email address hidden> Fri, 01 Jun 2018 08:12:01 -0400

Source diff to previous version
CVE-2018-6552 RESERVED

Version: 2.14.1-0ubuntu3.28 2018-05-15 02:06:18 UTC

  apport (2.14.1-0ubuntu3.28) trusty-security; urgency=medium

  * REGRESSION UPDATE: Fix regression that caused a Traceback in the
    container support (LP: #1733366)
    - data/apport: add a second os.path.exists check to ensure we do not
      receive a Traceback in is_container_id() and add an exception handler in
      case either name space can not be found.

 -- Brian Murray <email address hidden> Fri, 20 Apr 2018 14:11:44 -0700

Source diff to previous version
1733366 apport crashed with FileNotFoundError in is_container_pid(): [Errno 2] No such file or directory: '/proc/11102/ns/pid'

Version: 2.14.1-0ubuntu3.27 2017-11-15 23:06:53 UTC

  apport (2.14.1-0ubuntu3.27) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of service via resource exhaustion and
    privilege escalation when handling crashes of tainted processes
    (LP: #1726372)
    - When /proc/sys/fs/suid_dumpable is set to 2, do not assume that
      the user and group owning the /proc/<PID>/stat file is the same
      user and group that started the process. Rather check the dump
      mode of the crashed process and do not write a core file if its
      value is 2. Thanks to Sander Bos for discovering this issue!
    - CVE-2017-14177
  * SECURITY UPDATE: Denial of service via resource exhaustion,
    privilege escalation, and possible container escape when handling
    crashes of processes inside PID namespaces (LP: #1726372)
    - Change the method for determining if a crash is from a container
      so that there are no false positives from software using PID
      namespaces. Additionally, disable container crash forwarding by
      ignoring crashes that occur in a PID namespace. This functionality
      may be re-enabled in a future update. Thanks to Sander Bos for
      discovering this issue!
    - CVE-2017-14180

 -- Brian Murray <email address hidden> Mon, 13 Nov 2017 08:54:04 -0800

Source diff to previous version
1726372 Multiple security issues in Apport
CVE-2017-14177 RESERVED
CVE-2017-14180 RESERVED

Version: 2.14.1-0ubuntu3.25 2017-07-18 20:07:15 UTC

  apport (2.14.1-0ubuntu3.25) trusty-security; urgency=medium

  * SECURITY UPDATE: code execution through path traversal in
    .crash files (LP: #1700573)
    - apport/report.py, test/test_ui.py: fix traversal issue
      and add a test for that.
    - debian/apport.install, setup.py, xdg-mime/apport.xml: removes
      apport as a file handler for .crash files. Thanks to Brian
      Murray for the patch and Felix Wilhelm for discovering this.
    - CVE-2017-10708

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 17 Jul 2017 08:43:04 -0300

Source diff to previous version
1700573 Code execution through path traversal in .crash files processing
CVE-2017-1070 RESERVED

Version: 2.14.1-0ubuntu3.24 2017-05-22 16:06:49 UTC

  apport (2.14.1-0ubuntu3.24) trusty; urgency=medium

  * data/general/ubuntu.py: Collect a minimal version of /proc/cpuinfo in
    every report. (LP: #1673557)
  * data/general/ubuntu-gnome.py: The GNOME3 PPAs are no longer supported for
    14.04 or 16.04 so set an UnreportableReason in those reports.
    (LP: #1689093)

 -- Brian Murray <email address hidden> Fri, 12 May 2017 12:29:08 -0700

1673557 /proc/cpuinfo should be collected
1689093 modify ubuntu-gnome hook to set UnreportableReason for 14.04 and 16.04



About   -   Send Feedback to @ubuntu_updates