Canonical Apport
Recent Canonical Apport Security Advisories
Advisory | Title | Published |
---|---|---|
USN-6018-1 | USN-6018-1: Apport vulnerability | April 13, 2023 |
USN-5427-1 | USN-5427-1: Apport vulnerabilities | May 17, 2022 |
USN-5122-2 | USN-5122-2: Apport vulnerability | October 26, 2021 |
USN-5122-1 | USN-5122-1: Apport vulnerability | October 25, 2021 |
USN-5077-2 | USN-5077-2: Apport vulnerabilities | September 14, 2021 |
USN-5077-1 | USN-5077-1: Apport vulnerabilities | September 14, 2021 |
USN-4965-2 | USN-4965-2: Apport vulnerabilities | May 25, 2021 |
USN-4965-1 | USN-4965-1: Apport vulnerabilities | May 25, 2021 |
By the Year
In 2024 there have been 0 vulnerabilities in Canonical Apport. Last year Apport had 1 security vulnerability published. Right now, Apport is on track to have fewer security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 1 | 7.80 |
2022 | 0 | 0.00 |
2021 | 5 | 6.76 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Apport vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Canonical Apport Security Vulnerabilities
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604
CVE-2023-1326
7.8 - High
- April 13, 2023
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set, a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
Improper Privilege Management
It was discovered that the process_report() function in data/whoopsie-upload-all
CVE-2021-32557
7.1 - High
- June 12, 2021
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
insecure temporary file
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py
CVE-2021-32556
3.3 - Low
- June 12, 2021
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
Shell injection
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
CVE-2021-25684
7.8 - High
- June 11, 2021
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
Improper Input Validation
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file
CVE-2021-25683
7.8 - High
- June 11, 2021
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.
Improper Input Validation
It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file
CVE-2021-25682
7.8 - High
- June 11, 2021
It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.
Injection