PT-2021-19777 · Apport+2 · Apport+2

Maik@Secfault-Security.Com

Published

2021-05-25

Updated

2021-06-16

CVE-2021-32554

CVSS v3.1

7.3

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions apport (affected versions not specified)

Description A issue was found in the read file() function in apport/hookutils.py, which could follow symbolic links or open FIFOs. This could potentially expose private data to other local users when used by the xorg package apport hooks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59CWE-61

Related Identifiers

CVE-2021-32554

USN-4965-1

USN-4965-2

Affected Products

Linuxmint

Ubuntu

Apport

PT-2021-19777 · Apport+2 · Apport+2

CVE-2021-32554

Weakness Enumeration

Related Identifiers

Affected Products

References · 20