CVE 2013-1067
Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file.
Related bugs and status
CVE-2013-1067 (Candidate) is related to these bugs:
Bug #933199: apport-retrace crashed with IOError in _search_contents(): [Errno 2] No such file or directory: u'~/.cache/apport/retrace/Ubuntu 12.04/Contents-i386.gz'
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 933199 | apport-retrace crashed with IOError in _search_contents(): [Errno 2] No such file or directory: u'~/.cache/apport/retrace/Ubuntu 12.04/Contents-i386.gz' | apport (Ubuntu) | Medium | Fix Released | ||
Bug #1238620: apport-retrace doesn't work with [arch=foo] in the deb line
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1238620 | apport-retrace doesn't work with [arch=foo] in the deb line | apport (Ubuntu) | Medium | Fix Released | ||
Bug #1242435: Desktop setuid cores readable by non-privileged user
See the 
CVE page on Mitre.org
for more details.
