CVE-2020-15701

Published: 13 May 2020

An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
apport
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.04 LTS (Focal Fossa)
Released (2.20.11-0ubuntu27.6)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (2.20.9-0ubuntu7.16)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (2.20.1-0ubuntu2.24)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.14.1-0ubuntu3.29+esm5)