CVE-2021-3710

Name of the Vulnerable Software and Affected Versions apport versions prior to 2.14.1-0ubuntu3.29+esm8 apport versions prior to 2.20.1-0ubuntu2.30+esm2 apport versions prior to 2.20.9-0ubuntu7.26 apport versions prior to 2.20.11-0ubuntu27.20 apport versions prior to 2.20.11-0ubuntu65.3

Description The issue is related to the read file function in the apport error registration service, which is associated with incorrect restriction of the path name to a directory with limited access. This can allow an attacker to disclose protected information via path traversal. The read file function in apport/hookutils.py is specifically affected.

Recommendations For apport versions prior to 2.14.1-0ubuntu3.29+esm8, update to version 2.14.1-0ubuntu3.29+esm8 or later. For apport versions prior to 2.20.1-0ubuntu2.30+esm2, update to version 2.20.1-0ubuntu2.30+esm2 or later. For apport versions prior to 2.20.9-0ubuntu7.26, update to version 2.20.9-0ubuntu7.26 or later. For apport versions prior to 2.20.11-0ubuntu27.20, update to version 2.20.11-0ubuntu27.20 or later. For apport versions prior to 2.20.11-0ubuntu65.3, update to version 2.20.11-0ubuntu65.3 or later.