EUVD-2025-202585

It was discovered that processcrash in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups...

Canonical apport 安全漏洞

Canonical apport is an open source crash reporting tool from Canonical. A security vulnerability exists in Canonical apport that stems from improper group ownership settings when the crash reporting tool creates crash files, which could lead to the disclosure of crash information...

EUVD-2025-16511

Malicious code in bioql PyPI...

CVE-2025-5054

Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function checkglobalpidandforward, which detects if the crashing process resided in a container, was being called...

CVE-2025-5054

Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function checkglobalpidandforward, which detects if the crashing process resided in a container, was being called...

CVE-2025-5054 Race Condition in Canonical Apport

Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function checkglobalpidandforward, which detects if the crashing process resided in a container, was being called...

CVE-2025-5054

CVE-2025-5054 summary (Mode C) Affected software: Canonical Apport (Linux crash reporter) up to version 2.32.0. Vulnerability: A race condition in Apport’s crash handling logic allows a local attacker to leak sensitive information by abusing PID reuse and namespace/container handling. Specificall...

CVE-2025-5054 Race Condition in Canonical Apport

Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function checkglobalpidandforward, which detects if the crashing process resided in a container, was being called...

Canonical Apport 竞争条件问题漏洞

Canonical Apport is a toolkit from Canonical UK for collecting and providing feedback on error messages information that the operating system considers useful when an application crashes. A security vulnerability exists in Canonical Apport version 2.32.0 and earlier, which originates from a...

Apport 安全漏洞

Canonical Apport is a toolkit from Canonical UK for collecting and feeding back error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in versions of Apport prior to 2.21.0 that stems from allowing unlimited disk space to be...

Canonical Apport 资源管理错误漏洞

Canonical Apport is a toolkit from Canonical UK that collects and provides feedback on error messages information that the operating system considers useful when an application crashes. A resource management error vulnerability exists in Canonical Apport, which arises from the application not...

Canonical Apport 安全漏洞

Canonical Apport is a toolkit from Canonical UK for collecting and feeding back error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Canonical Apport that stems from a system where Apport does not disable the python cras...

Canonical Apport 安全特征问题漏洞

Canonical Apport is a toolkit from Canonical UK that collects and provides feedback on error messages information that the operating system considers useful when an application crashes. Canonical Apport suffers from a security signature issue vulnerability that stems from not filtering D-Bus...

Canonical Apport 竞争条件问题漏洞

Canonical Apport is a toolkit from Canonical UK that collects and feeds error messages information that the operating system considers useful when an application crashes. Canonical Apport suffers from a Competing Conditions Issue vulnerability that arises from Apport incorrectly detecting whether...

Canonical Apport 安全特征问题漏洞

Canonical Apport is a toolkit from Canonical UK for collecting and feeding back error messages information that the operating system finds useful when an application crashes. Canonical Apport suffers from a security signature issue vulnerability that stems from a system where Apport does not...

Canonical Apport 安全漏洞

Canonical Apport is a toolkit from Canonical UK that is used to collect and provide feedback on error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Canonical Apport that stems from not limiting the number of log entries...

Canonical Apport 安全特征问题漏洞

Canonical Apport is a toolkit from Canonical UK for collecting and feeding back error messages information that the operating system finds useful when an application crashes. A security signature issue vulnerability exists in Canonical Apport that stems from incorrectly handling connections to...

Canonical Apport Injection Vulnerability

Canonical Apport is a toolkit from Canonical UK that collects and feeds error messages information that the operating system considers useful when an application crashes. An injection vulnerability exists in Canonical Apport, which can be exploited by a local attacker to escalate privileges and r...

Internet Bug Bounty: RCE on default Ubuntu Desktop >= 12.10 Quantal

I recently reported a number of vulnerabilities in Canonical's Apport crash report software. These bugs provided RCE on a default install of Ubuntu Desktop = 12.10 upon opening a malicious file. I reported the issues to the Apport maintainers and we coordinate the disclosure of these issues. Is t...