CVE-2019-11481
Published: 27 August 2019
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.
Priority
CVSS 3 base score: 7.8
Status
Package | Release | Status |
---|---|---|
apport Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
Ubuntu 20.04 LTS (Focal Fossa) |
Released
(2.20.11-0ubuntu10)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(2.20.9-0ubuntu7.8)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(2.20.1-0ubuntu2.20)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(2.14.1-0ubuntu3.29+esm2)
|