This bug was fixed in the package apport - 2.19-0ubuntu1
---------------
apport (2.19-0ubuntu1) wily; urgency=medium
* New upstream release:
- apport: Drop re-nicing. This might decrease the time a user has to wait
for apport to finish the core dump for a crashed/hanging foreground
process. (See LP #1278780)
- kernel_crashdump: Enforce that the log/dmesg files are not a symlink.
This prevents normal users from pre-creating a symlink to the
predictable .crash file, and thus triggering a "fill up disk" DoS attack
when the .crash report tries to include itself. Thanks to halfdog for
discovering this! (CVE-2015-1338, part of LP #1492570)
- SECURITY FIX: Fix all writers of report files (package_hook,
kernel_crashdump, and similar) to open the report file exclusively,
i. e. fail if they already exist. This prevents privilege escalation
through symlink attacks. Note that this will also prevent overwriting
previous reports with the same same. Thanks to halfdog for discovering
this! (CVE-2015-1338, LP: #1492570)
- apport: Ignore process restarts from systemd's watchdog. Their traces
are usually useless as they don't have any information about the actual
reasaon why processes hang (like VM suspends or kernel lockups with bad
hardware) (LP: #1433320)
-- Martin Pitt <martin.p...@ubuntu.com> Thu, 24 Sep 2015 14:41:54
+0200
** Changed in: apport (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1338
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1433320
Title:
systemd-journald, udev, logind crashed with SIGABRT -- get killed by 1
min watchdog timeout on longer kernel lockups
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1433320/+subscriptions
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
