This bug was fixed in the package apport - 2.17.2-0ubuntu1 --------------- apport (2.17.2-0ubuntu1) vivid; urgency=medium
* New upstream bug fix release: - SECURITY UPDATE: Disable crash forwarding to containers. The previous fix in 2.17.1 was not sufficient against all attack scenarios. By binding to specially crafted sockes, a normal user program could forge arbitrary entries in /proc/net/unix. We cannot currently rely on a kernel-side solution for this; this feature will be re-enabled once it gets re-done to be secure. (LP: #1444518) - apport-kde: Fix crash when showing byte array values. Thanks Jonathan Riddell. (LP: #1443659) - Really create a better duplicate signature for recoverable problems, using ExecutablePath. Thanks Brian Murray. (LP: #1316763) * Disable Launchpad crash upload for final Ubuntu 15.04. -- Martin Pitt <martin.p...@ubuntu.com> Thu, 16 Apr 2015 17:51:18 -0500 ** Changed in: apport (Ubuntu Vivid) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1444518 Title: Insecure /proc/net/unix parsing Status in Apport crash detection/reporting: Fix Released Status in apport package in Ubuntu: Fix Released Status in apport source package in Trusty: Fix Released Status in apport source package in Utopic: Fix Released Status in apport source package in Vivid: Fix Released Bug description: The fix in USN-2569-1 introduced a vulnerability when parsing /proc/net/unix. There is a known issue in the kernel where newlines aren't being escaped properly: http://www.spinics.net/lists/netdev/msg320556.html Resulting in Tavis Ormandy finding a new issue: http://www.openwall.com/lists/oss-security/2015/04/14/18 To manage notifications about this bug go to: https://bugs.launchpad.net/apport/+bug/1444518/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp