PublicDateAtUSN: 2020-12-08
Candidate: CVE-2020-16128
CRD: 2020-12-08
PublicDate: 2020-12-09 04:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16128
 https://ubuntu.com/security/notices/USN-4664-1
Description:
 The aptdaemon DBus interface disclosed file existence disclosure by setting
 Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196.
 This affected versions prior to 1.1.1+bzr982-0ubuntu34.1,
 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5,
 1.1.1+bzr982-0ubuntu14.5.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1899513
Priority: medium
Discovered-by: Kevin Backhouse
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N [3.8 LOW]


Patches_aptdaemon:
upstream_aptdaemon: needs-triage
precise/esm_aptdaemon: DNE
trusty_aptdaemon: ignored (out of standard support)
trusty/esm_aptdaemon: DNE
xenial_aptdaemon: released (1.1.1+bzr982-0ubuntu14.5)
esm-infra/xenial_aptdaemon: released (1.1.1+bzr982-0ubuntu14.5)
bionic_aptdaemon: released (1.1.1+bzr982-0ubuntu19.5)
focal_aptdaemon: released (1.1.1+bzr982-0ubuntu32.3)
groovy_aptdaemon: released (1.1.1+bzr982-0ubuntu34.1)
devel_aptdaemon: released (1.1.1+bzr982-0ubuntu36)