Canonical Apport

Recent Canonical Apport Security Advisories

| Advisory | Title | Published |
|---|---|---|
| USN-6018-1 | USN-6018-1: Apport vulnerability | April 13, 2023 |
| USN-5427-1 | USN-5427-1: Apport vulnerabilities | May 17, 2022 |
| USN-5122-2 | USN-5122-2: Apport vulnerability | October 26, 2021 |
| USN-5122-1 | USN-5122-1: Apport vulnerability | October 25, 2021 |
| USN-5077-2 | USN-5077-2: Apport vulnerabilities | September 14, 2021 |
| USN-5077-1 | USN-5077-1: Apport vulnerabilities | September 14, 2021 |
| USN-4965-2 | USN-4965-2: Apport vulnerabilities | May 25, 2021 |
| USN-4965-1 | USN-4965-1: Apport vulnerabilities | May 25, 2021 |

By the Year

In 2024 there have been 0 vulnerabilities in Canonical Apport. Last year Apport had 1 security vulnerability published. Right now, Apport is on track to have fewer security vulnerabilities in 2024 than it did last year.

| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 7.80 |
| 2022 | 0 | 0.00 |
| 2021 | 5 | 6.76 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |

It may take a day or so for new Apport vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Canonical Apport Security Vulnerabilities

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604

CVE-2023-1326 7.8 - High - April 13, 2023

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.

Improper Privilege Management

It was discovered that the process_report() function in data/whoopsie-upload-all

CVE-2021-32557 7.1 - High - June 12, 2021

It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.

Insecure Temporary File

It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py

CVE-2021-32556 3.3 - Low - June 12, 2021

It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.

Shell injection

It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.

CVE-2021-25684 7.8 - High - June 11, 2021

It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.

Improper Input Validation

It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file

CVE-2021-25683 7.8 - High - June 11, 2021

It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.

Improper Input Validation

It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file

CVE-2021-25682 7.8 - High - June 11, 2021

It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.

Injection
