It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users.
References
Link | Resource |
---|---|
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2021-06-11 21:15
Updated : 2021-06-15 08:27
NVD link : CVE-2021-32550
Mitre link : CVE-2021-32550
JSON object : View
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')
Products Affected
canonical
- ubuntu_linux