Latest canonical apport Vulnerabilities

● CVE-2023-1326

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, les...

<=2.26.0

=18.04

=20.04

=22.04

=22.10

Canonical Apport<=2.26.0

and 10 more

● CVE-2021-3710

An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions pr...

Canonical Apport=2.14.1-0ubuntu1

Canonical Apport=2.14.1-0ubuntu2

Canonical Apport=2.14.1-0ubuntu3

Canonical Apport=2.14.1-0ubuntu3.1

Canonical Apport=2.14.1-0ubuntu3.2

Canonical Apport=2.14.1-0ubuntu3.3

and 176 more

● CVE-2021-32557

It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.

Canonical Apport>=2.14.1-0ubuntu3<2.14.1-0ubuntu3.29\+esm7

Canonical Apport>=2.20.1<2.20.1-0ubuntu2.30\+esm1

Canonical Apport>=2.20.9<2.20.9-0ubuntu7.24

Canonical Apport>=2.20.11-0ubuntu27<2.20.11-0ubuntu27.18

Canonical Apport>=2.20.11-0ubuntu50<2.20.11-0ubuntu50.7

Canonical Apport>=2.20.11-0ubuntu65<2.20.11-0ubuntu65.1

● CVE-2021-25682

It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.

Canonical Apport>=2.20.1-0ubuntu1<2.20.1-0ubuntu2.30

Canonical Apport>=2.20.9-0ubuntu1<2.20.9-0ubuntu7.23

Canonical Apport>=2.20.11-0ubuntu27<2.20.11-0ubuntu27.16

Canonical Apport>=2.20.11-0ubuntu50<2.20.11-0ubuntu50.5

● CVE-2021-25684

It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.

Canonical Apport>=2.20.1-0ubuntu1<2.20.1-0ubuntu2.30

Canonical Apport>=2.20.9-0ubuntu1<2.20.9-0ubuntu7.23

Canonical Apport>=2.20.11-0ubuntu27<2.20.11-0ubuntu27.16

Canonical Apport>=2.20.11-0ubuntu50<2.20.11-0ubuntu50.5

● CVE-2021-25683

It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.

Canonical Apport>=2.20.1-0ubuntu1<2.20.1-0ubuntu2.30

Canonical Apport>=2.20.9-0ubuntu1<2.20.9-0ubuntu7.23

Canonical Apport>=2.20.11-0ubuntu27<2.20.11-0ubuntu27.16

Canonical Apport>=2.20.11-0ubuntu50<2.20.11-0ubuntu50.5

● CVE-2020-15702

Canonical Ubuntu apport Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability

=2.20.11-0ubuntu8

=2.20.11-0ubuntu9

=2.20.11-0ubuntu10

=2.20.11-0ubuntu11

=2.20.11-0ubuntu12

=2.20.11-0ubuntu13

and 207 more

● CVE-2020-15701

An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will ...

Canonical Apport=2.20.11-0ubuntu8

Canonical Apport=2.20.11-0ubuntu9

Canonical Apport=2.20.11-0ubuntu10

Canonical Apport=2.20.11-0ubuntu11

Canonical Apport=2.20.11-0ubuntu12

Canonical Apport=2.20.11-0ubuntu13

and 208 more

● CVE-2015-1341

Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.

Canonical Ubuntu Linux=12.04

Canonical Ubuntu Linux=14.04

Canonical Ubuntu Linux=15.04

Canonical Ubuntu Linux=15.10

Canonical Apport<2.19.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.