canonical/ubuntu-desktop-provision

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs.

An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege.