Apport 2.21.0
Milestone information
- Project:
- Apport
- Series:
- main
- Version:
- 2.21.0
- Released:
- Registrant:
- Benjamin Drung
- Release registered:
- Active:
- No. Drivers cannot target bugs and blueprints to this milestone.
Activities
- Assigned to you:
- No blueprints or bugs assigned to you.
- Assignees:
- 1 Benjamin Drung, 1 Julian Andres Klode
- Blueprints:
- No blueprints are targeted to this milestone.
- Bugs:
- 26 Fix Released
Download files for this release
Release notes
* SECURITY UPDATE: TOCTOU issue allows local user to read arbitrary
files (LP: #1830858)
- apport/report.py: Avoid TOCTOU issue on users ignore file by
dropping privileges and then opening the file both test for access and
open the file in a single operation, instead of using access() before
reading the file which could be abused by a symlink to cause Apport to
read and embed an arbitrary file in the resulting crash dump.
- CVE-2019-7307
* SECURITY UPDATE: apport reads arbitrary files if ~/.config/
is a symlink (LP: #1830862)
- apport/
- CVE-2019-11481
* SECURITY UPDATE: TOCTTOU race conditions and following symbolic
links when creating a core file (LP: #1839413)
- data/apport: use file descriptor to reference to cwd instead
of strings.
- CVE-2019-11482
* SECURITY UPDATE: fully user controllable lock file due to lock file
being located in world-writable directory (LP: #1839415)
- data/apport: create and use lock file from /var/lock/apport.
- CVE-2019-11485
* SECURITY UPDATE: per-process user controllable Apport socket file
(LP: #1839420)
- data/apport: forward crashes only under a valid uid and gid,
thanks Stéphane Graber for the patch.
- CVE-2019-11483
* SECURITY UPDATE: PID recycling enables an unprivileged user to
generate and read a crash report for a privileged process (LP: #1839795)
- data/apport: drop permissions before adding proc info (special thanks
to Kevin Backhouse for the patch)
- data/apport, apport/report.py, apport/ui.py: only access or open
/proc/[pid] through a file descriptor for that directory.
- CVE-2019-15790
* SECURITY REGRESSION: 'module' object has no attribute 'O_PATH'
(LP: #1851806)
- apport/report.py, apport/ui.py: use file descriptors for /proc/pid
directory access only when running under python 3; prevent reading /proc
maps under python 2 as it does not provide a secure way to do so; use
io.open for better compatibility between python 2 and 3.
* SECURITY UPDATE: World writable root owned lock file created in user
controllable location (LP: #1862348)
- data/apport: Change location of lock file to be directly under
/var/run so that regular users can not directly access it or perform
symlink attacks.
- CVE-2020-8831
* SECURITY UPDATE: Race condition between report creation and ownership
(LP: #1862933)
- data/apport: When setting owner of report file use a file-descriptor
to the report file instead of its path name to ensure that users can
not cause Apport to change the ownership of other files via a
symlink attack.
- CVE-2020-8833
* SECURITY UPDATE: information disclosure issue (LP: #1885633)
- data/apport: also drop gid when checking if user session is closing.
- CVE-2020-11936
* SECURITY UPDATE: crash via malformed ignore file (LP: #1877023)
- apport/report.py: don't crash on malformed mtime values.
- CVE-2020-15701
* SECURITY UPDATE: TOCTOU in core file location
- data/apport: make sure the process hasn't been replaced after Apport
has started.
- CVE-2020-15702
* SECURITY UPDATE: multiple security issues (LP: #1912326)
- CVE-2021-25682: error parsing /proc/pid/status
- CVE-2021-25683: error parsing /proc/pid/stat
- CVE-2021-25684: stuck reading fifo
- data/apport: make sure existing report is a regular file.
- apport/
process names and filenames.
- test/test_
* SECURITY UPDATE: Multiple arbitrary file reads (LP: #1917904)
- apport/
isn't a FIFO in read_file().
- test/test_
- CVE-2021-32547, CVE-2021-32548, CVE-2021-32549, CVE-2021-32550,
CVE-2021-32551, CVE-2021-32552, CVE-2021-32553, CVE-2021-32554,
CVE-2021-32555
* SECURITY UPDATE: info disclosure via modified config files spoofing
(LP: #1917904)
- backends/
get_
- CVE-2021-32556
* SECURITY UPDATE: arbitrary file write (LP: #1917904)
- data/whoopsie-
file isn't a FIFO in process_report().
- CVE-2021-32557
* SECURITY UPDATE: Arbitrary file read (LP: #1934308)
- data/general-
byte-
packages in a long time.
- CVE-2021-3709
* SECURITY UPDATE: Info disclosure via path traversal (LP: #1933832)
- apport/
attacks, and directory symlinks.
- CVE-2021-3710
* SECURITY UPDATE: Privilege escalation via core files
- refactor privilege dropping and create core files in a well-known
directory in apport/
test/
test/
- use systemd-tmpfiles to create and manage the well-known core file
directory in setup.py, data/systemd/
* backends/
contents mapping.
* test/test_
mapping.
* test/test_
* apport/ui.py: Write an UnreportableReason for snaps and provide information
on how to contact a snap developer. (LP: #1729491)
* problem_report.py, bin/apport-unpack: restore some python2 code because the
Error Tracker retracers need it.
* backends/
for executables in the contents mapping.
* apport/ui.py: When saving a report for later processing if the filename
to save it to ends with .gz then gzip the report file. Thanks to Yuan-Chen
Cheng for the patch. (LP: #1837174)
* Catch zlib.error when decoding CoreDump from crash file (LP: #1947800)
* whoopsie-
(LP: #1867204)
* Drop Python 2 support
* Grab a slice of JournalErrors around the crash time (LP: #1962454)
* Fix several race conditions in test cases
* Make test cases more robust against running in specific environments
* Split the test suite into unit, integration, and system tests
Changelog
This release does not have a changelog.
