Launchpad.net

CVE 2012-0949

The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report.

Related bugs and status

CVE-2012-0949 (Candidate) is related to these bugs:

Bug #1004503: Incomplete fix for CVE-2012-0949

		In	Importance	Status
1004503	Incomplete fix for CVE-2012-0949	update-manager (Ubuntu)	High	Fix Released
1004503	Incomplete fix for CVE-2012-0949	update-manager (Ubuntu Natty)	High	Fix Released
1004503	Incomplete fix for CVE-2012-0949	update-manager (Ubuntu Oneiric)	High	Fix Released
1004503	Incomplete fix for CVE-2012-0949	update-manager (Ubuntu Precise)	High	Fix Released
1004503	Incomplete fix for CVE-2012-0949	update-manager (Ubuntu Quantal)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

UBUNTU: USN-1443-1
BID: 53605
OSVDB: 82020
SECUNIA: 49230
XF: update-manager-archive...