EUVD-2020-7688

Malware in sbrugna...

CVE-2020-15701

An unhandled exception in checkignored in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.1...

Code injection

An unhandled exception in checkignored in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.1...

CVE-2020-15701

The CVE-2020-15701 issue affects the apport component (Apport) where an unhandled exception in check_ignored() can crash the process if mtime in apport-ignore.xml is a string, enabling a local DoS. Exploitation details are not described beyond local access prerequisites. The vulnerability is addr...

CVE-2019-7307 Apport contains a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml

Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users /.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on th...