Home
LOW: 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:PDefault status
unaffected
2.20.11-0ubuntu82 (dpkg) before 2.20.11-0ubuntu82.7
affected
2.32.0 (dpkg) before 2.32.0-0ubuntu5.1
affected
2.20.9 (dpkg) before 2.20.9-0ubuntu7.29+esm1
affected
2.28.1 (dpkg) before 2.28.1-0ubuntu3.6
affected
2.33.0 (dpkg) before 2.33.0-0ubuntu1
affected
2.20.1 (dpkg) before 2.20.1-0ubuntu2.30+esm5
affected
2.20.11-0ubuntu27 (dpkg) before 2.20.11-0ubuntu27.28
affected
Description
It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups.
Problem types
CWE-708: Incorrect Ownership Assignment
Product status
2.20.11-0ubuntu82 (dpkg) before 2.20.11-0ubuntu82.7
2.32.0 (dpkg) before 2.32.0-0ubuntu5.1
2.20.9 (dpkg) before 2.20.9-0ubuntu7.29+esm1
2.28.1 (dpkg) before 2.28.1-0ubuntu3.6
2.33.0 (dpkg) before 2.33.0-0ubuntu1
2.20.1 (dpkg) before 2.20.1-0ubuntu2.30+esm5
2.20.11-0ubuntu27 (dpkg) before 2.20.11-0ubuntu27.28
Credits
Rich Mirch
References
www.stratascale.com/...25-32462-ubuntu-apport-vulnerability/
bugs.launchpad.net/apport/+bug/2106338
