CVE-2021-3899

Publication date 17 May 2022

Last updated 24 July 2024

Ubuntu priority

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
apport	24.10 oracular	Fixed 2.21.0-0ubuntu1
	24.04 LTS noble	Fixed 2.21.0-0ubuntu1
	23.10 mantic	Fixed 2.21.0-0ubuntu1
	23.04 lunar	Fixed 2.21.0-0ubuntu1
	22.10 kinetic	Fixed 2.21.0-0ubuntu1
	22.04 LTS jammy	Fixed 2.20.11-0ubuntu82.1
	21.10 impish	Fixed 2.20.11-0ubuntu71.2
	21.04 hirsute	Ignored end of life
	20.04 LTS focal	Fixed 2.20.11-0ubuntu27.24
	18.04 LTS bionic	Fixed 2.20.9-0ubuntu7.28
	16.04 LTS xenial	Fixed 2.20.1-0ubuntu2.30+esm4 Ubuntu Pro
	14.04 LTS trusty	Ignored end of ESM support, was needed

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro

References

Related Ubuntu Security Notices (USN)

USN-5427-1
Apport vulnerabilities
17 May 2022

USN-6894-1
Apport vulnerabilities
11 July 2024

Other references

https://www.cve.org/CVERecord?id=CVE-2021-3899