CVE-2012-0950
Published: 4 June 2012
The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0949.
Priority
Status
Package | Release | Status |
---|---|---|
update-manager Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
hardy |
Not vulnerable
|
|
lucid |
Not vulnerable
|
|
natty |
Released
(1:0.150.5.4)
|
|
oneiric |
Released
(1:0.152.25.12)
|
|
precise |
Released
(1:0.156.14.5)
|