This bug was fixed in the package apport - 2.17.2-0ubuntu1

---------------
apport (2.17.2-0ubuntu1) vivid; urgency=medium

  * New upstream bug fix release:
    - SECURITY UPDATE: Disable crash forwarding to containers. The previous
      fix in 2.17.1 was not sufficient against all attack scenarios. By
      binding to specially crafted sockets, a normal user program could forge
      arbitrary entries in /proc/net/unix. We cannot currently rely on a
      kernel-side solution for this; this feature will be re-enabled once it
      gets re-done to be secure. (LP: #1444518)
    - apport-kde: Fix crash when showing byte array values. Thanks Jonathan
      Riddell. (LP: #1443659)
    - Really create a better duplicate signature for recoverable problems,
      using ExecutablePath. Thanks Brian Murray. (LP: #1316763)
  * Disable Launchpad crash upload for final Ubuntu 15.04.
 -- Martin Pitt <martin.p...@ubuntu.com>   Thu, 16 Apr 2015 17:51:18 -0500

** Changed in: apport (Ubuntu Vivid)
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1444518

Title:
  Insecure /proc/net/unix parsing

Status in Apport crash detection/reporting:
  Fix Released
Status in apport package in Ubuntu:
  Fix Released
Status in apport source package in Trusty:
  Fix Released
Status in apport source package in Utopic:
  Fix Released
Status in apport source package in Vivid:
  Fix Released

Bug description:
  The fix in USN-2569-1 introduced a vulnerability when parsing
  /proc/net/unix.

  There is a known issue in the kernel where newlines aren't being escaped
  properly:
  http://www.spinics.net/lists/netdev/msg320556.html

  Resulting in Tavis Ormandy finding a new issue:

  http://www.openwall.com/lists/oss-security/2015/04/14/18
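
An added illustration, not apport's code and not part of the bug report: because the kernel prints socket names without escaping newlines, a line-oriented reader of /proc/net/unix cannot tell a real record from record-shaped text inside another socket's name, even with strict per-line format validation. The sample table, paths and inode numbers are constructed, and `parse_lines` and `path_is_listed` are hypothetical helper names.

```python
import re

# Constructed sample of /proc/net/unix content. Only two sockets exist:
# one ordinary socket, and one whose name contains a newline followed by
# text shaped like a record. All addresses, inodes and paths are made up.
HEADER = "Num       RefCount Protocol Flags    Type St Inode Path\n"
REAL_1 = ("0000000000000000: 00000002 00000000 00010000 0001 01 18231 "
          "/run/example/real.sock\n")
NAME_WITH_NEWLINE = ("@x\n0000000000000000: 00000002 00000000 00010000 "
                     "0001 01 99999 /run/example/trusted.sock")
REAL_2 = ("0000000000000000: 00000003 00000000 00000000 0001 03 18240 "
          + NAME_WITH_NEWLINE + "\n")
SAMPLE = HEADER + REAL_1 + REAL_2
TRUE_SOCKET_COUNT = 2

# Strict per-line validation of the documented column layout.
RECORD = re.compile(
    r"^[0-9A-Fa-f]+: [0-9A-Fa-f]{8} [0-9A-Fa-f]{8} [0-9A-Fa-f]{8} "
    r"[0-9A-Fa-f]{4} [0-9A-Fa-f]{2} +(\d+)(?: (.*))?$"
)


def parse_lines(text):
    """Parse the table one line at a time, skipping the header."""
    records = []
    for line in text.splitlines()[1:]:
        m = RECORD.match(line)
        if m:  # malformed lines are dropped
            records.append({"inode": int(m.group(1)), "path": m.group(2)})
    return records


def path_is_listed(text, path):
    """The kind of lookup a consumer might use as a trust decision."""
    return any(r["path"] == path for r in parse_lines(text))


if __name__ == "__main__":
    recs = parse_lines(SAMPLE)
    print(f"sockets that exist: {TRUE_SOCKET_COUNT}, records parsed: {len(recs)}")
    for r in recs:
        print(r)
    print("trusted.sock listed:",
          path_is_listed(SAMPLE, "/run/example/trusted.sock"))
```

Every parsed record passes validation, so the Path column has to be treated as untrusted input; no stricter regex recovers the record boundaries, which is consistent with the changelog's choice to disable the feature rather than patch the parser.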
