UbuntuUpdates.org

Package "apport"

Name: apport

Description:

automatically generate crash reports for debugging

Latest version: 2.20.4-0ubuntu4.10
Release: zesty (17.04)
Level: updates
Repository: main
Homepage: https://wiki.ubuntu.com/Apport

Links

Save this URL for the latest version of "apport": https://www.ubuntuupdates.org/apport


Download "apport"


Other versions of "apport" in Zesty

Repository Area Version
base main 2.20.4-0ubuntu4
base universe 2.20.4-0ubuntu4
security universe 2.20.4-0ubuntu4.10
security main 2.20.4-0ubuntu4.10
updates universe 2.20.4-0ubuntu4.10

Packages in group

Deleted packages are displayed in grey.

apport-gtk apport-retrace python-apport python-problem-report python3-apport
python3-problem-report

Changelog

Version: 2.20.4-0ubuntu4.10 2018-01-03 22:06:30 UTC

  apport (2.20.4-0ubuntu4.10) zesty-security; urgency=medium

  * REGRESSION UPDATE: Fix regression that caused a Traceback in the
    container support (LP: #1733366)
    - data/apport: add a second os.path.exists check to ensure we do not
      receive a Traceback in is_container_id() and add an exception handler in
      case either name space can not be found.

 -- Brian Murray <email address hidden> Wed, 13 Dec 2017 10:51:39 -0800

Source diff to previous version
1733366 apport crashed with FileNotFoundError in is_container_pid(): [Errno 2] No such file or directory: '/proc/11102/ns/pid'

Version: 2.20.4-0ubuntu4.9 2017-12-07 20:07:00 UTC

  apport (2.20.4-0ubuntu4.9) zesty; urgency=medium

  * bin/apport-cli: read until <enter> instead of a single character when # of
    apport options is non-unique with a single character. Thanks to Chad Smith
    for the patch. (LP: #1722564)

 -- Brian Murray <email address hidden> Mon, 27 Nov 2017 15:24:59 -0800

Source diff to previous version
1722564 apport question will not accept multi-character responses

Version: 2.20.4-0ubuntu4.8 2017-11-21 01:06:55 UTC

  apport (2.20.4-0ubuntu4.8) zesty-security; urgency=medium

  [ Stéphane Graber ]
  * REGRESSION UPDATE: Fix regression in previous upload by re-enabling
    container support. (LP: #1732518)
  * REGRESSION UPDATE: Fix the core_pattern for upstart based systems to
    include the dump mode.
  * Add code preventing a user from confusing apport by using
    a manually crafted filesystem inside a combination of a user and mount
    namespace.
  * Add a check in apport receiver for the number of arguments so that
    should another argument be added later, the receiver will simply ignore
    the crash until it itself gets updated.

 -- Tyler Hicks <email address hidden> Fri, 17 Nov 2017 15:55:58 +0000

Source diff to previous version
1732518 Please re-enable container support in apport

Version: 2.20.4-0ubuntu4.7 2017-11-15 23:06:57 UTC

  apport (2.20.4-0ubuntu4.7) zesty-security; urgency=medium

  * SECURITY UPDATE: Denial of service via resource exhaustion and
    privilege escalation when handling crashes of tainted processes
    (LP: #1726372)
    - When /proc/sys/fs/suid_dumpable is set to 2, do not assume that
      the user and group owning the /proc/<PID>/stat file is the same
      user and group that started the process. Rather check the dump
      mode of the crashed process and do not write a core file if its
      value is 2. Thanks to Sander Bos for discovering this issue!
    - CVE-2017-14177
  * SECURITY UPDATE: Denial of service via resource exhaustion,
    privilege escalation, and possible container escape when handling
    crashes of processes inside PID namespaces (LP: #1726372)
    - Change the method for determining if a crash is from a container
      so that there are no false positives from software using PID
      namespaces. Additionally, disable container crash forwarding by
      ignoring crashes that occur in a PID namespace. This functionality
      may be re-enabled in a future update. Thanks to Sander Bos for
      discovering this issue!
    - CVE-2017-14180

 -- Brian Murray <email address hidden> Thu, 09 Nov 2017 15:36:32 -0800

Source diff to previous version
1726372 Multiple security issues in Apport
CVE-2017-14177 RESERVED
CVE-2017-14180 RESERVED

Version: 2.20.4-0ubuntu4.5 2017-07-18 20:07:23 UTC

  apport (2.20.4-0ubuntu4.5) zesty-security; urgency=medium

  * SECURITY UPDATE: code execution through path traversal in
    .crash files (LP: #1700573)
    - apport/report.py, test/test_ui.py: fix traversal issue
      and add a test for that.
    - debian/apport.install, setup.py, xdg-mime/apport.xml: removes
      apport as a file handler for .crash files. Thanks to Brian
      Murray for the patch and Felix Wilhelm for discovering this.
    - CVE-2017-10708

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 17 Jul 2017 08:43:27 -0300

1700573 Code execution through path traversal in .crash files processing
CVE-2017-1070 RESERVED



About   -   Send Feedback to @ubuntu_updates