This bug was fixed in the package apport - 2.19-0ubuntu1

---------------
apport (2.19-0ubuntu1) wily; urgency=medium

  * New upstream release:
    - apport: Drop re-nicing. This might decrease the time a user has to wait
      for apport to finish the core dump for a crashed/hanging foreground
      process. (See LP #1278780)
    - kernel_crashdump: Enforce that the log/dmesg files are not a symlink.
      This prevents normal users from pre-creating a symlink to the
      predictable .crash file, and thus triggering a "fill up disk" DoS attack
      when the .crash report tries to include itself. Thanks to halfdog for
      discovering this! (CVE-2015-1338, part of LP #1492570)
    - SECURITY FIX: Fix all writers of report files (package_hook,
      kernel_crashdump, and similar) to open the report file exclusively,
      i. e. fail if they already exist. This prevents privilege escalation
      through symlink attacks. Note that this will also prevent overwriting
      previous reports with the same same. Thanks to halfdog for discovering
      this! (CVE-2015-1338, LP: #1492570)
    - apport: Ignore process restarts from systemd's watchdog. Their traces
      are usually useless as they don't have any information about the actual
      reason why processes hang (like VM suspends or kernel lockups with bad
      hardware) (LP: #1433320)

 -- Martin Pitt <martin.p...@ubuntu.com>  Thu, 24 Sep 2015 14:41:54 +0200

** Changed in: apport (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1338

--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1433320

Title:
  systemd-journald, udev, logind crashed with SIGABRT -- get killed by
  1 min watchdog timeout on longer kernel lockups
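
The two file-handling rules named in the changelog above (create report files exclusively, and refuse symlinks when reading log/dmesg input), shown as an added example that is not apport's own code. The function names, file names and report contents are constructed for illustration, and a Linux/POSIX system is assumed.

```python
import os
import stat
import tempfile


def create_report_exclusive(path, data):
    """Create a new report file; fail if anything already exists at path."""
    # O_CREAT|O_EXCL fails with EEXIST when the name exists, and it does not
    # follow a symlink in the final component, even a dangling one.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def read_regular_file(path, limit=1 << 20):
    """Read at most limit bytes, only if path is a regular file and not a symlink."""
    # O_NOFOLLOW makes open() fail (ELOOP) on a symlink; O_NONBLOCK avoids
    # blocking if someone planted a FIFO at the path.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    with os.fdopen(fd, "rb") as f:
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):
            raise OSError("not a regular file: %s" % path)
        return f.read(limit)


def demo():
    """Replay the pre-created-symlink scenario in a throwaway directory."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim")        # file a privileged writer must not touch
        with open(victim, "wb") as f:
            f.write(b"original")
        report = os.path.join(d, "vmcore.crash")  # constructed, predictable report name
        os.symlink(victim, report)                # unprivileged user plants the link first
        try:
            create_report_exclusive(report, b"ProblemType: KernelCrash\n")
            out["write"] = "written"
        except FileExistsError:
            out["write"] = "refused"
        with open(victim, "rb") as f:
            out["victim"] = f.read()
        log = os.path.join(d, "dmesg")
        os.symlink(report, log)                   # log path pointing back at the report
        try:
            read_regular_file(log)
            out["read"] = "read"
        except OSError:
            out["read"] = "refused"
        fresh = os.path.join(d, "fresh.crash")
        create_report_exclusive(fresh, b"ok")     # the normal, non-hostile case
        out["fresh"] = read_regular_file(fresh)
    return out
```
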