Donncha Ocearbhaill

**Name of the Vulnerable Software and Affected Versions** Apport versions prior to 2.20.4 **Description** An issue in Apport allows remote attackers to execute arbitrary Python code. This occurs when Apport reads the CrashDB field in apport/ui.py and evaluates it as Python code if the field begins with a "{". **Recommendations** For versions prior to 2.20.4, update to version 2.20.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the CrashDB field to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apport versions prior to 2.20.4 **Description** An issue was discovered in Apport, where a path traversal issue exists in the "Package" and `SourcePackage` fields of the Apport crash file. These fields are used to build a path to the package specific hook files in the "/usr/share/apport/package-hooks/" directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system. **Recommendations** For versions prior to 2.20.4, update to version 2.20.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the package specific hook files in the /usr/share/apport/package-hooks/ directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apport versions prior to 2.20.4 **Description** An issue was discovered where a malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields, which will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. **Recommendations** For Apport versions prior to 2.20.4, the fix is to only show the Relaunch button on Apport crash files generated by local systems, and hide the Relaunch button when crash files are opened directly in Apport-GTK.