Fixed (aka disabled) upstream:
http://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/2948

** Changed in: apport
       Status: In Progress => Fix Committed

** Changed in: apport
     Assignee: Martin Pitt (pitti) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1444518

Title:
  Insecure /proc/net/unix parsing

Status in Apport crash detection/reporting:
  Fix Committed
Status in apport package in Ubuntu:
  In Progress
Status in apport source package in Trusty:
  Fix Released
Status in apport source package in Utopic:
  Fix Released
Status in apport source package in Vivid:
  In Progress

Bug description:
  The fix in USN-2569-1 introduced a vulnerability when parsing
  /proc/net/unix.

  There is a known issue in the kernel where newlines aren't being escaped
  properly:
  http://www.spinics.net/lists/netdev/msg320556.html

  Resulting in Tavis Ormandy finding a new issue:

  http://www.openwall.com/lists/oss-security/2015/04/14/18
