Launchpad.net

CVE 2021-32555

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.

Related bugs and status

CVE-2021-32555 (Candidate) is related to these bugs:

Bug #1917904: Arbitrary file reads

		In	Importance	Status
1917904	Arbitrary file reads	apport (Ubuntu)	Undecided	Fix Released
1917904	Arbitrary file reads	apport (Ubuntu Impish)	Undecided	Fix Released
1917904	Arbitrary file reads	openjdk-lts (Ubuntu Impish)	Undecided	New
1917904	Arbitrary file reads	apport (Ubuntu Focal)	Undecided	Fix Released
1917904	Arbitrary file reads	openjdk-lts (Ubuntu Focal)	Undecided	New
1917904	Arbitrary file reads	apport (Ubuntu Groovy)	Undecided	Fix Released
1917904	Arbitrary file reads	openjdk-lts (Ubuntu Groovy)	Undecided	New
1917904	Arbitrary file reads	apport (Ubuntu Hirsute)	Undecided	Fix Released
1917904	Arbitrary file reads	openjdk-lts (Ubuntu Hirsute)	Undecided	New
1917904	Arbitrary file reads	apport (Ubuntu Bionic)	Undecided	Fix Released
1917904	Arbitrary file reads	openjdk-lts (Ubuntu Bionic)	Undecided	New
1917904	Arbitrary file reads	Apport	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.launchpad...