CVE-2013-1067

Publication date 24 October 2013

Last updated 24 July 2024

Ubuntu priority

Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
apport	13.10 saucy	Fixed 2.12.5-0ubuntu2.1
	13.04 raring	Fixed 2.9.2-0ubuntu8.5
	12.10 quantal	Fixed 2.6.1-0ubuntu13
	12.04 LTS precise	Fixed 2.0.1-0ubuntu17.6
	10.04 LTS lucid	Ignored

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

apport on lucid is disabled now, and desktop is out of support

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2007-1
Apport vulnerability
24 October 2013

Other references

https://www.cve.org/CVERecord?id=CVE-2013-1067