USN-5077-1: Apport vulnerabilities

🗓️ 14 Sep 2021 11:54:26Reported by UbuntuType

ubuntu

ubuntu🔗 ubuntu.com👁 98 Views

Apport vulnerability in Ubuntu releases for apport package

Reporter	Title	Published	Views	Family All 31
BDU FSTEC	The vulnerability of the read_file function in the Ubuntu operating system’s error reporting service, Apport, allows a hacker to disclose protected information.	10 Nov 202100:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the `check_attachment_for_errors` function in the `data/general-hooks/ubuntu.py` file of the Apport operating system’s error registration service allows a hacker to disclose protected information.	11 Nov 202100:00	–	bdu_fstec
CNNVD	Apport 路径遍历漏洞	14 Sep 202100:00	–	cnnvd
CNNVD	Apport 路径遍历漏洞	14 Sep 202100:00	–	cnnvd
CVE	CVE-2021-3709	1 Oct 202102:35	–	cve
CVE	CVE-2021-3710	1 Oct 202102:35	–	cve
Cvelist	CVE-2021-3709 Apport file permission bypass through emacs byte compilation errors	1 Oct 202102:35	–	cvelist
Cvelist	CVE-2021-3710 Apport info disclosure via path traversal bug in read_file	1 Oct 202102:35	–	cvelist
EUVD	EUVD-2021-26992	7 Oct 202500:30	–	euvd
EUVD	EUVD-2021-26993	7 Oct 202500:30	–	euvd

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	18.04	any	python-apport	2.20.9-0ubuntu7.26	python-apport_2.20.9-0ubuntu7.26_any.deb
Ubuntu	20.04	any	python3-problem-report	2.20.11-0ubuntu27.20	python3-problem-report_2.20.11-0ubuntu27.20_any.deb
Ubuntu	21.04	any	python3-problem-report	2.20.11-0ubuntu65.3	python3-problem-report_2.20.11-0ubuntu65.3_any.deb

14 Sep 2021 11:54Current

6Medium risk

Vulners AI Score6

CVSS 24.7

CVSS 3.15.5 - 6.5

EPSS0.00448

ubuntu apport vulnerability information gathering local attacker sensitive information unix