This is also fallout from the following change:

    - SECURITY FIX: Fix all writers of report files (package_hook,
      kernel_crashdump, and similar) to open the report file exclusively,
      i. e. fail if they already exist. This prevents privilege escalation
      through symlink attacks. Note that this will also prevent overwriting
      previous reports with the same same. Thanks to halfdog for discovering
      this! (CVE-2015-1338, LP: #1492570)

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1338

** Changed in: apport (Ubuntu)
       Status: New => Triaged

** Information type changed from Private to Public

** Tags added: rls-w-incoming

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1500541

Title:
  apport-retrace crashed with IOError in __main__: [Errno 13] Permission
  denied: '_usr_bin_Xorg.0.crash'
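
The changelog entry quoted above describes opening report files exclusively. The sketch below is an added example, not apport's own code, showing what exclusive creation does for a fresh path, an existing report with the same name, and a pre-planted symlink; the function names and file names are hypothetical and the files are constructed in a scratch directory.

```python
import os
import tempfile


def write_report_exclusive(path, data, mode=0o640):
    """Create `path` and write `data`; refuse if anything already exists there."""
    # O_CREAT|O_EXCL fails with EEXIST if the path exists, and it does not
    # follow a symlink in the final path component, even a dangling one.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def demo():
    """Return the outcome of three writes in a scratch directory (constructed names)."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        report = os.path.join(d, "_usr_bin_example.0.crash")
        victim = os.path.join(d, "victim")  # stands in for a file the writer must not touch
        planted = os.path.join(d, "_usr_bin_other.0.crash")

        write_report_exclusive(report, b"first")
        results["fresh"] = "created"

        # Second report with the same name: the side effect the changelog notes.
        try:
            write_report_exclusive(report, b"second")
            results["same_name"] = "overwritten"
        except FileExistsError:
            results["same_name"] = "refused"
        with open(report, "rb") as f:
            results["content"] = f.read()

        # A symlink already sits where the report would be written.
        os.symlink(victim, planted)
        try:
            write_report_exclusive(planted, b"crash data")
            results["symlink"] = "followed"
        except FileExistsError:
            results["symlink"] = "refused"
        results["victim_created"] = os.path.exists(victim)
    return results


if __name__ == "__main__":
    print(demo())
```

Callers that previously relied on overwriting an earlier report need to handle `FileExistsError` explicitly, for example by removing or renaming the old report under their own privileges first.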
