CVE-2022-28654
https://notcve.org/view.php?id=CVE-2022-28654
is_closing_session() allows users to fill up apport.log is_closing_session() permite a los usuarios completar apport.log • https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-28654 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2022-28652
https://notcve.org/view.php?id=CVE-2022-28652
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack ~/.config/apport/settings el análisis es vulnerable al ataque de "billion laughs" • https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-28652 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVE-2022-28656
https://notcve.org/view.php?id=CVE-2022-28656
is_closing_session() allows users to consume RAM in the Apport process is_closing_session() permite a los usuarios consumir RAM en el proceso de Apport • https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-28656 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2022-28657
https://notcve.org/view.php?id=CVE-2022-28657
Apport does not disable python crash handler before entering chroot Apport no desactiva el controlador de fallos de Python antes de ingresar a chroot • https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-28657 • CWE-400: Uncontrolled Resource Consumption •
CVE-2022-28658
https://notcve.org/view.php?id=CVE-2022-28658
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing El análisis de argumentos de Apport maneja mal la división de nombres de archivos en núcleos más antiguos, lo que resulta en suplantación de argumentos • https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-28658 •