Launchpad.net

CVE 2021-32556

It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.

Related bugs and status

CVE-2021-32556 (Candidate) is related to these bugs:

Bug #1917904: Arbitrary file reads

		In	Importance	Status
1917904	Arbitrary file reads	apport (Ubuntu)	Undecided	Fix Released
1917904	Arbitrary file reads	apport (Ubuntu Impish)	Undecided	Fix Released
1917904	Arbitrary file reads	openjdk-lts (Ubuntu Impish)	Undecided	New
1917904	Arbitrary file reads	apport (Ubuntu Focal)	Undecided	Fix Released
1917904	Arbitrary file reads	openjdk-lts (Ubuntu Focal)	Undecided	New
1917904	Arbitrary file reads	apport (Ubuntu Groovy)	Undecided	Fix Released
1917904	Arbitrary file reads	openjdk-lts (Ubuntu Groovy)	Undecided	New
1917904	Arbitrary file reads	apport (Ubuntu Hirsute)	Undecided	Fix Released
1917904	Arbitrary file reads	openjdk-lts (Ubuntu Hirsute)	Undecided	New
1917904	Arbitrary file reads	apport (Ubuntu Bionic)	Undecided	Fix Released
1917904	Arbitrary file reads	openjdk-lts (Ubuntu Bionic)	Undecided	New
1917904	Arbitrary file reads	Apport	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.launchpad...