desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #113050
[Bug 1444518] Re: Insecure /proc/net/unix parsing
** Patch added: "Stéphane's proposed patch"
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1444518/+attachment/4376296/+files/apport.patch
** Also affects: apport (Ubuntu Utopic)
Importance: Undecided
Status: New
** Also affects: apport (Ubuntu Vivid)
Importance: Undecided
Status: New
** Also affects: apport (Ubuntu Trusty)
Importance: Undecided
Status: New
** Changed in: apport (Ubuntu Trusty)
Status: New => Confirmed
** Changed in: apport (Ubuntu Utopic)
Status: New => Confirmed
** Changed in: apport (Ubuntu Vivid)
Status: New => Confirmed
** Changed in: apport (Ubuntu Trusty)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: apport (Ubuntu Utopic)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1444518
Title:
Insecure /proc/net/unix parsing
Status in apport package in Ubuntu:
Confirmed
Status in apport source package in Trusty:
Confirmed
Status in apport source package in Utopic:
Confirmed
Status in apport source package in Vivid:
Confirmed
Bug description:
The fix in USN-2569-1 introduced a vulnerability when parsing
/proc/net/unix.
There is a known issue in the kernel where newlines aren't being escaped properly:
http://www.spinics.net/lists/netdev/msg320556.html
Resulting in Tavis Ormandy finding a new issue:
http://www.openwall.com/lists/oss-security/2015/04/14/18
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1444518/+subscriptions
References