Canonical ≫ Ubuntu Linux

When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main ...

is_closing_session() allows users to consume RAM in the Apport process

Apport does not disable python crash handler before entering chroot

Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing

~/.config/apport/settings parsing is vulnerable to "billion laughs" attack

is_closing_session() allows users to fill up apport.log

is_closing_session() allows users to create arbitrary tcp dbus connections

Apport can be tricked into connecting to arbitrary sockets as the root user

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.