Format: 1.8
Date: Mon, 13 Nov 2017 08:54:04 -0800
Source: apport
Binary: apport python-problem-report python3-problem-report python-apport python3-apport apport-retrace apport-valgrind apport-gtk apport-kde dh-apport apport-noui
Architecture: all i386_translations
Version: 2.14.1-0ubuntu3.27
Distribution: trusty
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lgw01-amd64-060.buildd>
Changed-By: Brian Murray <brian@ubuntu.com>
Description: 
 apport     - automatically generate crash reports for debugging
 apport-gtk - GTK+ frontend for the apport crash report system
 apport-kde - KDE frontend for the apport crash report system
 apport-noui - tools for automatically reporting Apport crash reports
 apport-retrace - tools for reprocessing Apport crash reports
 apport-valgrind - valgrind wrapper that first downloads debug symbols
 dh-apport  - debhelper extension for the apport crash report system
 python-apport - Python library for Apport crash report handling
 python-problem-report - Python library to handle problem reports
 python3-apport - Python 3 library for Apport crash report handling
 python3-problem-report - Python 3 library to handle problem reports
Launchpad-Bugs-Fixed: 1726372
Changes: 
 apport (2.14.1-0ubuntu3.27) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: Denial of service via resource exhaustion and
     privilege escalation when handling crashes of tainted processes
     (LP: #1726372)
     - When /proc/sys/fs/suid_dumpable is set to 2, do not assume that
       the user and group owning the /proc/<PID>/stat file is the same
       user and group that started the process. Rather check the dump
       mode of the crashed process and do not write a core file if its
       value is 2. Thanks to Sander Bos for discovering this issue!
     - CVE-2017-14177
   * SECURITY UPDATE: Denial of service via resource exhaustion,
     privilege escalation, and possible container escape when handling
     crashes of processes inside PID namespaces (LP: #1726372)
     - Change the method for determining if a crash is from a container
       so that there are no false positives from software using PID
       namespaces. Additionally, disable container crash forwarding by
       ignoring crashes that occur in a PID namespace. This functionality
       may be re-enabled in a future update. Thanks to Sander Bos for
       discovering this issue!
     - CVE-2017-14180
Checksums-Sha1: 
 1eea090126139c178e57da52f4677242e0de8e4c 183220 apport_2.14.1-0ubuntu3.27_all.deb
 76b153c7b2f19fc3edce12d3dcfca9c2816de7f6 9410 python-problem-report_2.14.1-0ubuntu3.27_all.deb
 1c9f4340116445d154d08e443d1429d39e6962b0 9490 python3-problem-report_2.14.1-0ubuntu3.27_all.deb
 8ed082dab0db11e34ebf552a74625b5082c49b62 75392 python-apport_2.14.1-0ubuntu3.27_all.deb
 69d4a9790635a9fee627d031bb4ab6b233fdc9d4 75458 python3-apport_2.14.1-0ubuntu3.27_all.deb
 b176c9f4af9550fd76955df6a7d79726f3e6ad15 12260 apport-retrace_2.14.1-0ubuntu3.27_all.deb
 b020f6f42a2531825a0ab0905344f21529aebcde 5076 apport-valgrind_2.14.1-0ubuntu3.27_all.deb
 fce353035bdae0de21847a7a01d984812619dc80 9536 apport-gtk_2.14.1-0ubuntu3.27_all.deb
 3f240378f6bb3778feb1e8e594e327503ae50795 18856 apport-kde_2.14.1-0ubuntu3.27_all.deb
 a76f5c80a791f4a30decdd47b92e37d22e235cfb 7186 dh-apport_2.14.1-0ubuntu3.27_all.deb
 d7db5d2b22ff098c7e3ca1ec13480fe980796278 2202 apport-noui_2.14.1-0ubuntu3.27_all.deb
 6dc076797f5b2165ccd29902b27a41088edca0db 1171758 apport_2.14.1-0ubuntu3.27_i386_translations.tar.gz
Checksums-Sha256: 
 3567aa9c31f85b370505dd8a5233cd744c1d86ab8a75e27111baa109e518de78 183220 apport_2.14.1-0ubuntu3.27_all.deb
 d2fcaf3dca539aba2463f739b195f30816cafca235d7722a5633782bbe7a900a 9410 python-problem-report_2.14.1-0ubuntu3.27_all.deb
 fe72ebc463055a7cf1fdd383433033f80182ba7095b451b7a5c041aa8d2f1f26 9490 python3-problem-report_2.14.1-0ubuntu3.27_all.deb
 8a307d946bf885e9ee4017560336e03351f1c0148194b4e043769f75989c7163 75392 python-apport_2.14.1-0ubuntu3.27_all.deb
 b0087692acef43d364e6eb35fd06a3a140421771f8dd2dbb383237cf5bceaeb3 75458 python3-apport_2.14.1-0ubuntu3.27_all.deb
 0385d6afb3a48624c69310ef18afe40c37030e39002e18dc521e1d709460b29b 12260 apport-retrace_2.14.1-0ubuntu3.27_all.deb
 8391ee0ad56a5f59e852d2404f1eefb5dbc3130592cd9abb612addf98dadff91 5076 apport-valgrind_2.14.1-0ubuntu3.27_all.deb
 205047911594d1576703edfe71676d8be01f1bec28d1d9f1d20e3a272a7126dd 9536 apport-gtk_2.14.1-0ubuntu3.27_all.deb
 858d9bd590b57ba6d631f14886f98076e26c18d91ad1171b87d91b90a8547cb6 18856 apport-kde_2.14.1-0ubuntu3.27_all.deb
 5da2942711cd381f35b658c323f3b95f0653d187bbd1cf0b9541c7c859245150 7186 dh-apport_2.14.1-0ubuntu3.27_all.deb
 f6bbe5c36f237f9d37cdf216cc60d696e12eb4f33149904b19370eb9180ca548 2202 apport-noui_2.14.1-0ubuntu3.27_all.deb
 18a8800ed256f7cf708cfcca3c1495669ef335e6bffe8053e9a2a4299cb8a0e4 1171758 apport_2.14.1-0ubuntu3.27_i386_translations.tar.gz
Files: 
 7cdeb7008b5ed08f57126bcb0f1574b0 183220 utils optional apport_2.14.1-0ubuntu3.27_all.deb
 b2eeecc6b87bf78120933901f4b14af9 9410 python optional python-problem-report_2.14.1-0ubuntu3.27_all.deb
 44b9ff76bc3c032d6da5d1387b8dfffd 9490 python optional python3-problem-report_2.14.1-0ubuntu3.27_all.deb
 ec38309fa28fcefa8ee2af2d4e252e37 75392 python optional python-apport_2.14.1-0ubuntu3.27_all.deb
 edb1ccbb7c4454ae0e4aca5f80053fab 75458 python optional python3-apport_2.14.1-0ubuntu3.27_all.deb
 942698e76ba0e88917075544a45cdab4 12260 devel optional apport-retrace_2.14.1-0ubuntu3.27_all.deb
 fa35477218ef76c9014f9498a2437ee1 5076 devel optional apport-valgrind_2.14.1-0ubuntu3.27_all.deb
 48d71f5fe52feb2e6b85756e89adfd93 9536 gnome optional apport-gtk_2.14.1-0ubuntu3.27_all.deb
 dbf85202fc492e06240a983ddcd640e1 18856 kde optional apport-kde_2.14.1-0ubuntu3.27_all.deb
 5661f08b50c958183ad3a344e19559ed 7186 devel optional dh-apport_2.14.1-0ubuntu3.27_all.deb
 66ecddaaef7879259bb8bf4d7c312383 2202 utils optional apport-noui_2.14.1-0ubuntu3.27_all.deb
 652968c5dab7ef1782db5d5674b6b25a 1171758 raw-translations - apport_2.14.1-0ubuntu3.27_i386_translations.tar.gz