~xnox/ubuntu/focal/apport/apport-on-powerpc-crashes-subiquity-during-crash-reporting

Viewing all changes in revision 2757.

  • Committer: Brian Murray
  • Date: 2020-04-02 20:10:51 UTC
  • Revision ID: brian@canonical.com-20200402201051-bh8k3p4t3kxa0c2i
* SECURITY UPDATE: World writable root owned lock file created in user
  controllable location (LP: #1862348)
  - data/apport: Change location of lock file to be directly under
    /var/run so that regular users can not directly access it or perform
    symlink attacks.
  - CVE-2020-8831
* SECURITY UPDATE: Race condition between report creation and ownership
  (LP: #1862933)
  - data/apport: When setting owner of report file use a file-descriptor
    to the report file instead of its path name to ensure that users can
    not cause Apport to change the ownership of other files via a
    symlink attack.
  - CVE-2020-8833

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: