PT-2021-4687 · Canonical+1 · Apport+2
Maik Münch +1 · Published 2021-09-14 · Updated 2022-10-27 · CVE-2021-3709
CVSS v3.1: 6.5 (Medium)
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
apport versions prior to 2.14.1-0ubuntu3.29+esm8
apport versions prior to 2.20.1-0ubuntu2.30+esm2
apport versions prior to 2.20.9-0ubuntu7.26
apport versions prior to 2.20.11-0ubuntu27.20
apport versions prior to 2.20.11-0ubuntu65.3
Description
The issue is in the check_attachment_for_errors() function in the data/general-hooks/ubuntu.py file of the apport crash reporting service in the Ubuntu operating system. The function can leak information about files and directories: an attacker could exploit this issue by constructing a crash file to expose protected information.
Recommendations
For apport versions prior to 2.14.1-0ubuntu3.29+esm8, update to version 2.14.1-0ubuntu3.29+esm8 or later.
For apport versions prior to 2.20.1-0ubuntu2.30+esm2, update to version 2.20.1-0ubuntu2.30+esm2 or later.
For apport versions prior to 2.20.9-0ubuntu7.26, update to version 2.20.9-0ubuntu7.26 or later.
For apport versions prior to 2.20.11-0ubuntu27.20, update to version 2.20.11-0ubuntu27.20 or later.
For apport versions prior to 2.20.11-0ubuntu65.3, update to version 2.20.11-0ubuntu65.3 or later.
Exploit
Fix
Path traversal
Exposure of Resource to Wrong Sphere
Related Identifiers
Affected Products
Linuxmint
Ubuntu
Apport