[Bug 1438758] Re: User to root privilege escalation (ab)using the crash forwarding feature of apport
This was fixed in the upload of apport 2.17.3-1 to Debian Experimental ** Changed in: apport (Debian) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1438758 Title: User to root privilege escalation (ab)using the crash forwarding feature of apport To manage notifications about this bug go to: https://bugs.launchpad.net/apport/+bug/1438758/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1438758] Re: User to root privilege escalation (ab)using the crash forwarding feature of apport
This bug was fixed in the package apport - 2.17.1-0ubuntu1 --- apport (2.17.1-0ubuntu1) vivid; urgency=medium * New upstream bug fix release: - SECURITY UPDATE: Fix root privilege escalation through crash forwarding to containers. Version 2.13 introduced forwarding a crash to a container's apport. By crafting a specific file system structure, entering it as a namespace ("container"), and crashing something in it, a local user could access arbitrary files on the host system with root privileges. Thanks to Stéphane Graber for discovering and fixing this! (CVE-2015-1318, LP: #1438758) - apport-kde tests: Fix imports to make tests work again. - Fix UnicodeDecodeError on parsing non-ASCII environment variables. - apport: use the proper pid when calling apport in another PID namespace. Thanks Brian Murray. (LP: #1300235) -- Martin PittTue, 14 Apr 2015 09:10:17 -0500 ** Changed in: apport (Ubuntu Vivid) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1438758 Title: User to root privilege escalation (ab)using the crash forwarding feature of apport To manage notifications about this bug go to: https://bugs.launchpad.net/apport/+bug/1438758/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1438758] Re: User to root privilege escalation (ab)using the crash forwarding feature of apport
** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1438758 Title: User to root privilege escalation (ab)using the crash forwarding feature of apport To manage notifications about this bug go to: https://bugs.launchpad.net/apport/+bug/1438758/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1438758] Re: User to root privilege escalation (ab)using the crash forwarding feature of apport
vivid update uploaded. ** Changed in: apport (Ubuntu Vivid) Status: In Progress => Fix Committed ** Changed in: apport (Ubuntu Vivid) Assignee: Martin Pitt (pitti) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1438758 Title: User to root privilege escalation (ab)using the crash forwarding feature of apport To manage notifications about this bug go to: https://bugs.launchpad.net/apport/+bug/1438758/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1438758] Re: User to root privilege escalation (ab)using the crash forwarding feature of apport
** Changed in: apport (Ubuntu Trusty) Status: Triaged => Fix Released ** Changed in: apport (Ubuntu Utopic) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1438758 Title: User to root privilege escalation (ab)using the crash forwarding feature of apport To manage notifications about this bug go to: https://bugs.launchpad.net/apport/+bug/1438758/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1438758] Re: User to root privilege escalation (ab)using the crash forwarding feature of apport
Upstream fix landed in http://bazaar.launchpad.net/~apport- hackers/apport/trunk/revision/2943 ** Changed in: apport Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1438758 Title: User to root privilege escalation (ab)using the crash forwarding feature of apport To manage notifications about this bug go to: https://bugs.launchpad.net/apport/+bug/1438758/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1438758] Re: User to root privilege escalation (ab)using the crash forwarding feature of apport
New upstream release containing this fix: https://launchpad.net/apport/trunk/2.17.1 Ritesh, you can go ahead with the Debian update now. ** Changed in: apport Status: Fix Committed => Fix Released ** Changed in: apport (Ubuntu Vivid) Status: Triaged => In Progress ** Changed in: apport (Ubuntu Vivid) Assignee: (unassigned) => Martin Pitt (pitti) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1438758 Title: User to root privilege escalation (ab)using the crash forwarding feature of apport To manage notifications about this bug go to: https://bugs.launchpad.net/apport/+bug/1438758/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1438758] Re: User to root privilege escalation (ab)using the crash forwarding feature of apport
** Branch linked: lp:apport -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1438758 Title: User to root privilege escalation (ab)using the crash forwarding feature of apport To manage notifications about this bug go to: https://bugs.launchpad.net/apport/+bug/1438758/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1438758] Re: User to root privilege escalation (ab)using the crash forwarding feature of apport
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1438758 Title: User to root privilege escalation (ab)using the crash forwarding feature of apport To manage notifications about this bug go to: https://bugs.launchpad.net/apport/+bug/1438758/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs