apport (2.20.1-0ubuntu2.30+esm7) xenial-security; urgency=medium
* SECURITY REGRESSION: exception during core dump handling (LP: #2112466)
- data/apport: Catch FileNotFoundError when trying to open /proc/<pid>.
- test/run: Use pyflakes3 instead of pyflakes for python3 files.
apport (2.20.1-0ubuntu2.30+esm6) xenial-security; urgency=medium
* SECURITY REGRESSION: apport not generating core dumps inside containers
(LP: #2112272)
- data/apport: Check the exe mtime within the proc root mount.
apport (2.20.1-0ubuntu2.30+esm5) xenial-security; urgency=medium
* SECURITY UPDATE: Insecure report permissions (LP: #2106338)
- data/apport: Do not change report group to report owners primary group.
- CVE-2025-5467
* SECURITY UPDATE: Race condition when forwarding core files to containers
(LP: #2107472)
- data/apport: Do not override options.pid.
- data/apport: Open /proc/<pid> as early as possible.
- data/fileutils.py: Respect proc_pid_fd in get_core_path.
- test/test_fileutils.py: Respect proc_pid_fd in get_core_path.
- data/apport: Use opened /proc/<pid> everywhere.
- data/apport: Do consistency check before forwarding crashes.
- data/apport: Require --dump-mode to be specified.
- data/apport: Determine report owner by dump_mode.
- test/test_signal_crashes.py: Determine report owner by dump_mode.
- data/apport: Do not forward crash for dump_mode == 2.
- data/apport: Support pidfd (%F) parameter from kernel.
- etc/init.d/apport: Support pidfd (%F) parameter from kernel.
- CVE-2025-5054
apport (2.20.1-0ubuntu2.30+esm4) xenial-security; urgency=medium
* test/test_hooks.py: update assertion in func test_package_hook_nologs() to
handle bash package esm version.
[ Marc Deslauriers ]
* SECURITY UPDATE: Fix multiple security issues
- test/test_report.py: Fix flaky test.
- data/apport: Fix too many arguments for error_log().
- data/apport: Use proper argument variable name executable_path.
- etc/init.d/apport: Set core_pipe_limit to a non-zero value to make
sure the kernel waits for apport to finish before removing the /proc
information.
- apport/fileutils.py, data/apport: Search for executable name if one
wan't provided such as when being called in a container.
- data/apport: Limit memory and duration of gdbus call. (CVE-2022-28654,
CVE-2022-28656)
- data/apport, apport/fileutils.py, test/test_fileutils.py: Validate
D-Bus socket location. (CVE-2022-28655)
- apport/fileutils.py, test/test_fileutils.py: Turn off interpolation
in get_config() to prevent DoS attacks. (CVE-2022-28652)
- Refactor duplicate code into search_map() function.
- Switch from chroot to container to validating socket owner.
(CVE-2022-1242, CVE-2022-28657)
- data/apport: Clarify error message.
- apport/fileutils.py: Fix typo in comment.
- apport/fileutils.py: Do not call str in loop.
- data/apport, etc/init.d/apport: Switch to using non-positional
arguments. Get real UID and GID from the kernel and make sure they
match the process. Also fix executable name space handling in
argument parsing. (CVE-2022-28658, CVE-2021-3899)
- debian/apport.upstart: restore symbolic link to proper directory.
apport (2.20.1-0ubuntu2.30+esm3) xenial-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: Privilege escalation via core files
- refactor privilege dropping and create core files in a well-known
directory in apport/fileutils.py, apport/report.py, data/apport,
test/test_fileutils.py, test/test_report.py,
test/test_signal_crashes.py, test/test_ui.py.
- use systemd-tmpfiles to create and manage the well-known core file
directory in setup.py, data/systemd/apport.conf,
debian/apport.install.
apport (2.20.1-0ubuntu2.30+esm2) xenial-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: Arbitrary file read (LP: #1934308)
- data/general-hooks/ubuntu.py: don't attempt to include emacs
byte-compilation logs, they haven't been generated by the emacs
packages in a long time.
- CVE-2021-3709
* SECURITY UPDATE: Info disclosure via path traversal (LP: #1933832)
- apport/hookutils.py, test/test_hookutils.py: detect path traversal
attacks, and directory symlinks.
- CVE-2021-3710
apport (2.20.1-0ubuntu2.30+esm1) xenial-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: Multiple arbitrary file reads (LP: #1917904)
- apport/hookutils.py: don't follow symlinks and make sure the file
isn't a FIFO in read_file().
- test/test_hookutils.py: added symlink tests.
- CVE-2021-32547, CVE-2021-32548, CVE-2021-32549, CVE-2021-32550,
CVE-2021-32551, CVE-2021-32552, CVE-2021-32553, CVE-2021-32554,
CVE-2021-32555
* SECURITY UPDATE: info disclosure via modified config files spoofing
(LP: #1917904)
- backends/packaging-apt-dpkg.py: properly terminate arguments in
get_modified_conffiles.
- CVE-2021-32556
* SECURITY UPDATE: arbitrary file write (LP: #1917904)
- data/whoopsie-upload-all: don't follow symlinks and make sure the
file isn't a FIFO in process_report().
- CVE-2021-32557
Date: 2025-07-11 15:04:11.788207+00:00
Changed-By: Octavio Galland <[email protected]>
https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.30+esm7
Sorry, changesfile not available.
--
Xenial-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
