This bug was fixed in the package apport - 2.33.0-0ubuntu1
---------------
apport (2.33.0-0ubuntu1) questing; urgency=medium
* New upstream release
- SECURITY UPDATE: Report file insecure permissions (LP: #2106338)
+ Do not change report group to report owner's primary group.
+ CVE-2025-5467
- SECURITY UPDATE: Race condition when forwarding core files to containers
(LP: #2107472)
+ apport: move consistency_checks call further up
+ apport: do not override options.pid
+ apport: open /proc/<pid> as early as possible
+ fileutils: respect proc_pid_fd in get_core_path
+ apport: use opened /proc/<pid> everywhere
+ apport: do consistency check before forwarding crashes
+ apport: require --dump-mode to be specified
+ apport: determine report owner by dump_mode
+ apport: do not forward crash for dump_mode == 2
+ apport: support pidfd (%F) parameter from kernel
+ CVE-2025-5054
- test: support coreutils rename to gnu-coreutils (LP: #2111595)
- setuptools/java: use snakecase for option name (LP: #2111595)
- apport: look for the exe within the proc root mount (LP: #2112272)
* Depend on gnu-coreutils for integration/system tests
* Depend on python3-pytest-cov in addition to python3-pytest
* Drop patches applied upstream and refresh remaining patches
* Address some Pyright complaints in ubuntu general hook
-- Benjamin Drung <[email protected]> Fri, 06 Jun 2025 13:53:15 +0200
** Changed in: apport (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-5054
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-5467
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/2112272
Title:
Apport refuses to generate core dumps inside containers
Status in Apport:
Fix Released
Status in apport package in Ubuntu:
Fix Released
Bug description:
lsb_release -rd
Description: Ubuntu 22.04.5 LTS
Release: 22.04
apport:
Installed: 2.20.11-0ubuntu82
Candidate: 2.20.11-0ubuntu82.7
Version table:
2.20.11-0ubuntu82.7 500
500 http://us-west-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main
amd64 Packages
500 http://security.ubuntu.com/ubuntu jammy-security/main amd64
Packages
*** 2.20.11-0ubuntu82 500
500 http://us-west-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64
Packages
100 /var/lib/dpkg/status
What happened:
Version 2.20.11-0ubuntu82.7 introduced a new function called
consistency_checks that now refuses to generate core dumps and logging
the message "executable was modified after program start, ignoring."
However, this check fails in container environments because the binary
resides inside container-specific directories, not directly on the
host OS.
"if not os.path.exists(os.readlink('exe', dir_fd=proc_pid_fd))"
As a result, core dumps from containers are being discarded. Prior to
this update, core dumps were generated correctly.
What you expected to happen:
When a process inside the container crashes, the apport running on the
host OS should forward the core dump via a UNIX socket instead of
exiting because the binary is not present on the host OS.
Changes:
https://launchpadlibrarian.net/796123959/apport_2.20.11-0ubuntu82.6_2.20.11-0ubuntu82.7.diff.gz
+process_start = get_process_starttime()
+if not consistency_checks(options, process_start):
+ sys.exit(0)
+
# Check if we received a valid global PID (kernel >= 3.12). If we do,
# then compare it with the local PID. If they don't match, it's an
# indication that the crash originated from another PID namespace.
@@ -540,21 +617,24 @@
if options.global_pid is not None:
consistency_checks should be after checking if the crash originated
from another PID namespace.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apport/+bug/2112272/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
