Canonical Apport
Recent Canonical Apport Security Advisories
Advisory | Title | Published |
---|---|---|
USN-5427-1 | USN-5427-1: Apport vulnerabilities | May 17, 2022 |
USN-5122-2 | USN-5122-2: Apport vulnerability | October 26, 2021 |
USN-5122-1 | USN-5122-1: Apport vulnerability | October 25, 2021 |
USN-5077-2 | USN-5077-2: Apport vulnerabilities | September 14, 2021 |
USN-5077-1 | USN-5077-1: Apport vulnerabilities | September 14, 2021 |
USN-4965-2 | USN-4965-2: Apport vulnerabilities | May 25, 2021 |
USN-4965-1 | USN-4965-1: Apport vulnerabilities | May 25, 2021 |
By the Year
In 2023 there have been 0 vulnerabilities in Canonical Apport. Apport did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 5 | 6.76 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Apport vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Canonical Apport Security Vulnerabilities
CVE-2021-32557
7.1 - High
- June 12, 2021
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
insecure temporary file
CVE-2021-32556
3.3 - Low
- June 12, 2021
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
Shell injection
CVE-2021-25684
7.8 - High
- June 11, 2021
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
Improper Input Validation
CVE-2021-25683
7.8 - High
- June 11, 2021
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.
Improper Input Validation
CVE-2021-25682
7.8 - High
- June 11, 2021
It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.
Injection
