This bug was fixed in the package apport - 2.20.11-0ubuntu27.6

---------------
apport (2.20.11-0ubuntu27.6) focal-security; urgency=medium

  * SECURITY UPDATE: information disclosure issue (LP: #1885633)
    - data/apport: also drop gid when checking if user session is closing.
    - CVE-2020-11936
  * SECURITY UPDATE: crash via malformed ignore file (LP: #1877023)
    - apport/report.py: don't crash on malformed mtime values.
    - CVE-2020-15701
  * SECURITY UPDATE: TOCTOU in core file location
    - data/apport: make sure the process hasn't been replaced after Apport
      has started.
    - CVE-2020-15702
  * apport/ui.py, test/test_ui.py: make sure a PID is specified when using
    --hanging (LP: #1876659)
  * WARNING: This package does _not_ contain the changes from
    2.20.11-0ubuntu27.5 in focal-proposed.

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Fri, 31 Jul 2020 09:10:30 -0400

** Changed in: apport (Ubuntu)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-11936

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-15701

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-15702

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1876659

Title:
  Unhandled exception in run_hang()

Status in Apport:
  New
Status in apport package in Ubuntu:
  Fix Released

Bug description:
  ## Description
  When we start apport-cli without PID, an unhandled exception in apport
  2.20.11 and earlier may allow an authenticated user to potentially
  enable a denial of service via local access.

  The following command may cause an application crash due to an
  unhandled exception.

  $ apport-cli --hanging

  *** Send problem report to the developers?

  After the problem report has been sent, please fill out the form in the
  automatically opened web browser.

  What would you like to do? Your options are:
    S: Send report (24.0 KB)
    V: View report
    K: Keep report file for sending later or copying to somewhere else
    I: Cancel and ignore future crashes of this program version
    C: Cancel
  Please choose (S/V/K/I/C): K
  Problem report file: /tmp/apport.apport.uc0_znhj.apport
  Traceback (most recent call last):
    File "/usr/bin/apport-cli", line 387, in <module>
      if not app.run_argv():
    File "/usr/lib/python3/dist-packages/apport/ui.py", line 690, in run_argv
      self.run_hang(self.options.pid)
    File "/usr/lib/python3/dist-packages/apport/ui.py", line 410, in run_hang
      os.kill(int(pid), signal.SIGKILL)
  TypeError: int() argument must be a string, a bytes-like object or a number, not 'NoneType'

  The above command generates the following application crash file in
  the /var/crash/ directory.

  ProblemType: Crash
  CurrentDesktop: ubuntu:GNOME
  Date: Sun May 3 19:09:41 2020
  ExecutablePath: /usr/bin/apport-cli
  ExecutableTimestamp: 1585099033
  InterpreterPath: /usr/bin/python3.6
  ProcCmdline: /usr/bin/python3 /usr/bin/apport-cli --hanging
  ProcCwd: /home/user/apport/bin
  ProcEnviron: ...
  ProcMaps: ...
  ProcStatus: ...
  PythonArgs: ['/usr/bin/apport-cli', '--hanging']
  Traceback: Traceback (most recent call last):
    File "/usr/bin/apport-cli", line 387, in <module>
      if not app.run_argv():
    File "/usr/lib/python3/dist-packages/apport/ui.py", line 690, in run_argv
      self.run_hang(self.options.pid)
    File "/usr/lib/python3/dist-packages/apport/ui.py", line 410, in run_hang
      os.kill(int(pid), signal.SIGKILL)
  TypeError: int() argument must be a string, a bytes-like object or a number, not 'NoneType'
  UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
  _LogindSession: 6

  Many thanks.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apport/+bug/1876659/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
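
Added example, not part of the original notification and not Apport's own code: one way to validate the PID before any signal is sent, so that the missing-PID case from the traceback above ends in a usage error instead of a crash file. The parser, the `--pid` option spelling, and the names `build_parser`, `validated_hang_pid` and `main` are assumptions made for illustration; the check also rejects non-numeric and non-positive values, which goes beyond the single case in the report.

```python
import argparse
import sys


def build_parser():
    # Hypothetical stand-in for apport-cli's option parsing; only the two
    # options involved in the report are modelled.
    parser = argparse.ArgumentParser(prog="hang-demo")
    parser.add_argument("--hanging", action="store_true")
    parser.add_argument("--pid")
    return parser


def validated_hang_pid(argv):
    """Return the PID to report on, or raise ValueError with the reason."""
    opts = build_parser().parse_args(argv)
    if not opts.hanging:
        raise ValueError("--hanging was not requested")
    if opts.pid is None:
        # The reported case: int(None) raised TypeError inside run_hang().
        raise ValueError("--hanging requires a PID")
    try:
        pid = int(opts.pid)
    except ValueError:
        raise ValueError("PID is not an integer: %r" % opts.pid) from None
    if pid <= 0:
        # os.kill() gives 0 and negative values a group-wide meaning,
        # so only a single, positive PID is accepted.
        raise ValueError("PID must be positive: %d" % pid)
    return pid


def main(argv):
    try:
        pid = validated_hang_pid(argv)
    except ValueError as err:
        print("usage error: %s" % err, file=sys.stderr)
        return 2  # clean exit status instead of a traceback and crash file
    print("would collect a hang report for PID %d" % pid)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```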