Launchpad.net

CVE 2012-0950

The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0949.

Related bugs and status

CVE-2012-0950 (Candidate) is related to these bugs:

Bug #1004503: Incomplete fix for CVE-2012-0949

		In	Importance	Status
1004503	Incomplete fix for CVE-2012-0949	update-manager (Ubuntu)	High	Fix Released
1004503	Incomplete fix for CVE-2012-0949	update-manager (Ubuntu Natty)	High	Fix Released
1004503	Incomplete fix for CVE-2012-0949	update-manager (Ubuntu Oneiric)	High	Fix Released
1004503	Incomplete fix for CVE-2012-0949	update-manager (Ubuntu Precise)	High	Fix Released
1004503	Incomplete fix for CVE-2012-0949	update-manager (Ubuntu Quantal)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugs.launchpad...
UBUNTU: USN-1443-2