Bug 1191219 (CVE-2021-3710)

Summary: VUL-1: CVE-2021-3710: apport,apport-crashdb-sle: An information disclosure via path traversal was discovered in apport/hookutils.py function read_file()
Product: [Novell Products] SUSE Security Incidents
Reporter: Gabriele Sonnu <gabriele.sonnu>
Component: Incidents
Assignee: Matej Cepl <mcepl>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Minor
Priority: P5 - None
CC: smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/311482/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Gabriele Sonnu 2021-10-01 10:35:05 UTC
An information disclosure via path traversal was discovered in
apport/hookutils.py function read_file(). This issue affects: apport 2.14.1
versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to
2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11
versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to
2.20.11-0ubuntu65.3;

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710
https://ubuntu.com/security/notices/USN-5077-1
https://ubuntu.com/security/notices/USN-5077-2
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832

Comment 1 Gabriele Sonnu 2021-10-01 10:35:22 UTC
None of our packages is affected.