CVE-2016-9950

Name of the Vulnerable Software and Affected Versions Apport versions prior to 2.20.4

Description An issue was discovered in Apport, where a path traversal issue exists in the "Package" and SourcePackage fields of the Apport crash file. These fields are used to build a path to the package specific hook files in the "/usr/share/apport/package-hooks/" directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.

Recommendations For versions prior to 2.20.4, update to version 2.20.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the package specific hook files in the /usr/share/apport/package-hooks/ directory to minimize the risk of exploitation.