CVE-2019-7307 (retired)

Priority
Description
Apport contains a TOCTTOU vulnerability when reading the user's
~/.apport-ignore.xml file, which allows a local attacker to replace this
file with a symlink to any other file on the system and so cause Apport to
include the contents of this other file in the resulting crash report. The
crash report could then be read by that user either by causing it to be
uploaded and reported to Launchpad, or by leveraging some other
vulnerability to read the resulting crash report, and so allow the user to
read arbitrary files on the system.
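
The check-then-open pattern behind this class of bug, next to a reader that validates the descriptor it actually opened. This is an added example, not Apport's code and not the fix that shipped; `read_racy`, `read_hardened`, the `window` hook and the temporary files are constructed for illustration.

```python
import os
import stat
import tempfile

def read_racy(path, uid, window=lambda: None):
    """Check-then-open: 'path' can change between the lstat() and the open()."""
    st = os.lstat(path)                          # time of check
    if not stat.S_ISREG(st.st_mode) or st.st_uid != uid:
        raise PermissionError(path)
    window()                                     # hypothetical hook marking the race window
    with open(path, "rb") as f:                  # time of use, follows symlinks
        return f.read()

def read_hardened(path, uid):
    """Open once without following a symlink, then validate the opened descriptor."""
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK | os.O_CLOEXEC
    fd = os.open(path, flags)                    # fails if the last component is a symlink
    try:
        st = os.fstat(fd)                        # describes the object actually opened
        if not stat.S_ISREG(st.st_mode) or st.st_uid != uid:
            raise PermissionError(path)
        with os.fdopen(fd, "rb", closefd=False) as f:
            return f.read()
    finally:
        os.close(fd)

def demo():
    """Constructed sample: a temp dir stands in for $HOME, 'other-file' for an unrelated file."""
    uid = os.getuid()
    with tempfile.TemporaryDirectory() as home:
        ignore = os.path.join(home, ".apport-ignore.xml")
        other = os.path.join(home, "other-file")
        with open(other, "wb") as f:
            f.write(b"unrelated contents")
        with open(ignore, "wb") as f:
            f.write(b"<apport/>")
        def swap():                              # file replaced after the check has passed
            os.unlink(ignore)
            os.symlink(other, ignore)
        racy = read_racy(ignore, uid, window=swap)
        try:
            hardened = read_hardened(ignore, uid)
        except OSError:
            hardened = "refused"
        return racy, hardened

if __name__ == "__main__":
    print(demo())
```

`O_NOFOLLOW` only covers the final path component, so it fits a file directly inside a home directory whose parent the user cannot modify. The owner check on the descriptor also rejects a hard link to a file owned by someone else.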
Assigned-to
amurray
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): released (2.14.1-0ubuntu3.29+esm1)
Ubuntu 16.04 LTS (Xenial Xerus): released (2.20.1-0ubuntu2.19)
Ubuntu 18.04 LTS (Bionic Beaver): released (2.20.9-0ubuntu7.7)
Ubuntu 18.10 (Cosmic Cuttlefish): released (2.20.10-0ubuntu13.4)
Ubuntu 19.04 (Disco Dingo): released (2.20.10-0ubuntu27.1)
Ubuntu 19.10 (Eoan): released (2.20.11-0ubuntu5)
More Information

Updated: 2019-07-16 14:14:58 UTC (commit 55a83e1b0df1fea35e2090d797b95aa11fdf090b)