apport (2.20.1-0ubuntu2.23) xenial-security; urgency=medium
* SECURITY UPDATE: World writable root owned lock file created in user
controllable location (LP: #1862348)
- data/apport: Change location of lock file to be directly under
/var/run so that regular users can not directly access it or perform
symlink attacks.
- CVE-2020-8831
* SECURITY UPDATE: Race condition between report creation and ownership
(LP: #1862933)
- data/apport: When setting owner of report file use a file-descriptor
to the report file instead of its path name to ensure that users can
not cause Apport to change the ownership of other files via a
symlink attack.
- CVE-2020-8833
Date: 2020-03-27 07:00:19.529151+00:00
Changed-By: Alex Murray <[email protected]>
Maintainer: Martin Pitt <[email protected]>
https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.23
Sorry, changesfile not available.
--
Xenial-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
