CVE-2022-28657
https://notcve.org/view.php?id=CVE-2022-28657
Apport does not disable python crash handler before entering chroot Apport no desactiva el controlador de fallos de Python antes de ingresar a chroot • https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-28657 • CWE-400: Uncontrolled Resource Consumption •
CVE-2022-28652
https://notcve.org/view.php?id=CVE-2022-28652
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack ~/.config/apport/settings el análisis es vulnerable al ataque de "billion laughs" • https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-28652 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVE-2022-28654
https://notcve.org/view.php?id=CVE-2022-28654
is_closing_session() allows users to fill up apport.log is_closing_session() permite a los usuarios completar apport.log • https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-28654 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2022-28655
https://notcve.org/view.php?id=CVE-2022-28655
is_closing_session() allows users to create arbitrary tcp dbus connections is_closing_session() permite a los usuarios crear conexiones tcp dbus arbitrarias • https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-28655 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2022-28658
https://notcve.org/view.php?id=CVE-2022-28658
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing El análisis de argumentos de Apport maneja mal la división de nombres de archivos en núcleos más antiguos, lo que resulta en suplantación de argumentos • https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-28658 •