This bug was fixed in the package apport - 2.14.1-0ubuntu3.10
---------------
apport (2.14.1-0ubuntu3.10) trusty-security; urgency=medium
* SECURITY UPDATE: insecure /proc/net/unix parsing (LP: #1444518)
- data/apport: temporarily disable container support until it can be
re-written in a secure manner.
- CVE number pending
-- Marc Deslauriers <marc.deslauri...@ubuntu.com> Thu, 16 Apr 2015 07:56:02
-0400
** Changed in: apport (Ubuntu Trusty)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1444518
Title:
Insecure /proc/net/unix parsing
Status in apport package in Ubuntu:
Confirmed
Status in apport source package in Trusty:
Fix Released
Status in apport source package in Utopic:
Fix Released
Status in apport source package in Vivid:
Confirmed
Bug description:
The fix in USN-2569-1 introduced a vulnerability when parsing
/proc/net/unix.
There is a known issue in the kernel where newlines aren't being escaped
properly:
http://www.spinics.net/lists/netdev/msg320556.html
Resulting in Tavis Ormandy finding a new issue:
http://www.openwall.com/lists/oss-security/2015/04/14/18
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1444518/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
