CVEs related to bugs in Apport

Open bugs

Bug CVE(s)
Bug #1839414: Apport follows symbolic links in path components when creating core dump file CVE-2019-11482
Apport New (unassigned)
Bug #1839417: Potentially existing (legitimate, root owned) lock file getting deleted by Apport daily cron(8) script CVE-2019-11485
Apport New (unassigned)

Resolved bugs

Bug CVE(s)
Bug #357024: security hole in /etc/cron.daily/apport CVE-2009-1295
Apport Fix released, assigned to Martin Pitt
Bug #1242435: Desktop setuid cores readable by non-privileged user CVE-2013-1067
Apport Fix released, assigned to Martin Pitt
Bug #1438758: User to root privilege escalation (ab)using the crash forwarding feature of apport CVE-2015-1318
Apport Fix released, assigned to Martin Pitt
Bug #1452239: root escalation with fs.suid_dumpable=2 CVE-2015-1324
CVE-2015-1325
Apport Fix released, assigned to Martin Pitt
Bug #1453900: root escalation via race condition CVE-2015-1324
CVE-2015-1325
Apport Fix released (unassigned)
Bug #1492570: /usr/share/apport/kernel_crashdump accesses files in insecure manner CVE-2015-1338
Apport Fix released, assigned to Martin Pitt
Bug #1507480: Privilege escalation through Python module imports CVE-2015-1341
Apport Fix released, assigned to Martin Pitt
Bug #1648806: Arbitrary code execution through crafted CrashDB or Package/Source fields in .crash files CVE-2016-9949
CVE-2016-9950
CVE-2016-9951
Apport Fix released, assigned to Martin Pitt
Bug #1700573: Code execution through path traversal in .crash files processing CVE-2017-10708
Apport Fix released (unassigned)
Bug #1723822: uncaught TypeError triggers ValueError CVE-2017-14177
CVE-2017-14180
Apport Fix released (unassigned)
Bug #1830858: TOCTOU vulnerability in _get_ignore_dom (report.py) CVE-2019-7307
Apport Fix released (unassigned)
Bug #1830862: Apport reads arbitrary files if ~/.config/apport/settings is a symlink CVE-2019-11481
CVE-2019-11482
CVE-2019-11483
CVE-2019-11485
CVE-2019-15790
Apport Fix released (unassigned)
Bug #1839413: TOCTTOU ("time of check to time of use") "cwd" variable race condition CVE-2019-11481
CVE-2019-11482
CVE-2019-11483
CVE-2019-11485
CVE-2019-15790
Apport Fix released (unassigned)
Bug #1839415: Fully user controllable lock file due to lock file being located in world-writable directory CVE-2019-11481
CVE-2019-11482
CVE-2019-11483
CVE-2019-11485
CVE-2019-15790
Apport Fix released (unassigned)
Bug #1839420: Per-process user controllable Apport socket file CVE-2019-11481
CVE-2019-11482
CVE-2019-11483
CVE-2019-11485
CVE-2019-15790
Apport Fix released (unassigned)
Bug #1839795: PID recycling enables an unprivileged user to generate and read a crash report for a privileged process CVE-2019-11481
CVE-2019-11482
CVE-2019-11483
CVE-2019-11485
CVE-2019-15790
Apport Fix released (unassigned)
Bug #1862348: Apport lock file root privilege escalation CVE-2020-8831
CVE-2020-8833
Apport Fix released (unassigned)
Bug #1862933: Apport crash report & cron script TOCTTOU CVE-2020-8831
CVE-2020-8833
Apport Fix released (unassigned)
Bug #1876659: Unhandled exception in run_hang() CVE-2020-11936
CVE-2020-15701
CVE-2020-15702
Apport Fix released (unassigned)
Bug #1877023: Unhandled exception in check_ignored() CVE-2020-11936
CVE-2020-15701
CVE-2020-15702
Apport Fix released (unassigned)
Bug #1885633: [ZDI-CAN-11233]: apport Unnecessary Privileges Information Disclosure Vulnerability CVE-2020-11936
CVE-2020-15701
CVE-2020-15702
Apport Fix released (unassigned)
Bug #1912326: Privilege escalation to root with core file dump CVE-2021-25682
CVE-2021-25683
CVE-2021-25684
Apport Fix released (unassigned)
Bug #1917904: Arbitrary file reads CVE-2021-32547
CVE-2021-32548
CVE-2021-32549
CVE-2021-32550
CVE-2021-32551
CVE-2021-32552
CVE-2021-32553
CVE-2021-32554
CVE-2021-32555
CVE-2021-32556
CVE-2021-32557
Apport Fix released (unassigned)
Bug #1933832: Path traversal leads to arbitrary file read CVE-2021-3709
CVE-2021-3710
Apport Fix released (unassigned)
Bug #1934308: Arbitrary file read in general hook (ubuntu.py) CVE-2021-3709
CVE-2021-3710
Apport Fix released (unassigned)
Bug #1948376: race condition in apport lead to Local Privilege Escalation CVE-2021-3899
Apport Fix released (unassigned)
Bug #2016023: viewing an apport-cli crash with default pager could escalate privilege (CVE-2023-1326) CVE-2023-1326
Apport Fix released (unassigned)