- SECURITY FIX: Fix all writers of report files (package_hook,
kernel_crashdump, and similar) to open the report file exclusively,
i. e. fail if they already exist. This prevents privilege escalation
through symlink attacks. Note that this will also prevent overwriting
previous reports with the same same. Thanks to halfdog for discovering
this! (CVE-2015-1338, LP: #1492570)
This is also fall out of the following change:
- SECURITY FIX: Fix all writers of report files (package_hook, crashdump, and similar) to open the report file exclusively,
kernel_
i. e. fail if they already exist. This prevents privilege escalation
through symlink attacks. Note that this will also prevent overwriting
previous reports with the same same. Thanks to halfdog for discovering
this! (CVE-2015-1338, LP: #1492570)