This bug was fixed in the package apport - 2.20.9-0ubuntu7.24
--------------- apport (2.20.9-0ubuntu7.24) bionic-security; urgency=medium
* SECURITY UPDATE: Multiple arbitrary file reads (LP: #1917904) - apport/hookutils.py: don't follow symlinks and make sure the file isn't a FIFO in read_file(). - test/test_hookutils.py: added symlink tests. - CVE-2021-32547, CVE-2021-32548, CVE-2021-32549, CVE-2021-32550, CVE-2021-32551, CVE-2021-32552, CVE-2021-32553, CVE-2021-32554, CVE-2021-32555 * SECURITY UPDATE: info disclosure via modified config files spoofing (LP: #1917904) - backends/packaging-apt-dpkg.py: properly terminate arguments in get_modified_conffiles. - CVE-2021-32556 * SECURITY UPDATE: arbitrary file write (LP: #1917904) - data/whoopsie-upload-all: don't follow symlinks and make sure the file isn't a FIFO in process_report(). - CVE-2021-32557
-- Marc Deslauriers <email address hidden> Tue, 18 May 2021 09:15:10 -0400
This bug was fixed in the package apport - 2.20.9-0ubuntu7.24
--------------- 0ubuntu7. 24) bionic-security; urgency=medium
apport (2.20.9-
* SECURITY UPDATE: Multiple arbitrary file reads (LP: #1917904) hookutils. py: don't follow symlinks and make sure the file hookutils. py: added symlink tests. 2021-32551, CVE-2021-32552, CVE-2021-32553, CVE-2021-32554, 2021-32555 packaging- apt-dpkg. py: properly terminate arguments in modified_ conffiles. upload- all: don't follow symlinks and make sure the
- apport/
isn't a FIFO in read_file().
- test/test_
- CVE-2021-32547, CVE-2021-32548, CVE-2021-32549, CVE-2021-32550,
CVE-
CVE-
* SECURITY UPDATE: info disclosure via modified config files spoofing
(LP: #1917904)
- backends/
get_
- CVE-2021-32556
* SECURITY UPDATE: arbitrary file write (LP: #1917904)
- data/whoopsie-
file isn't a FIFO in process_report().
- CVE-2021-32557
-- Marc Deslauriers <email address hidden> Tue, 18 May 2021 09:15:10 -0400