First Last Prev Next    This bug is not in your last search results.
Bug 1191218 - (CVE-2021-3709) VUL-1: CVE-2021-3709: apport,apport-crashdb-sle: function check_attachment_for_errors() could be tricked into exposing private data via a constructed crash file
(CVE-2021-3709)
VUL-1: CVE-2021-3709: apport,apport-crashdb-sle: function check_attachment_fo...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Minor
: ---
Assigned To: Matej Cepl
Security Team bot
https://smash.suse.de/issue/311483/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-10-01 10:29 UTC by Gabriele Sonnu
Modified: 2021-10-01 10:30 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Gabriele Sonnu 2021-10-01 10:29:32 UTC 
Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py
could be tricked into exposing private data via a constructed crash file. This
issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1
versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to
2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11
versions prior to 2.20.11-0ubuntu65.3;

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308
https://ubuntu.com/security/notices/USN-5077-1
https://ubuntu.com/security/notices/USN-5077-2
Comment 1 Gabriele Sonnu 2021-10-01 10:30:07 UTC 
None of our packages is affected.
First Last Prev Next    This bug is not in your last search results.