[Bug 933225] Re: DistUpgradeViewKDE broken since last security update

Harald Sitter apachelogger at ubuntu.com
Thu Feb 16 20:20:04 UTC 2012


Thank you for getting this resolved so quickly.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-manager in Ubuntu.
https://bugs.launchpad.net/bugs/933225

Title:
  DistUpgradeViewKDE broken since last security update

Status in “update-manager” package in Ubuntu:
  Fix Released
Status in “update-manager” source package in Lucid:
  Fix Released
Status in “update-manager” source package in Maverick:
  Fix Released
Status in “update-manager” source package in Natty:
  Fix Released
Status in “update-manager” source package in Oneiric:
  Fix Released
Status in “update-manager” source package in Precise:
  Fix Released
Status in “update-manager” source package in Hardy:
  Fix Released

Bug description:
  copyXauth = tempfile.mkstemp("", "adept")
  if 'XAUTHORITY' in os.environ and os.environ['XAUTHORITY'] != copyXauth:
      shutil.copy(os.environ['XAUTHORITY'], copyXauth)
      os.environ["XAUTHORITY"] = copyXauth

  <apachelogger> can't load DistUpgradeViewKDE (coercing to Unicode: need string or buffer, tuple found)
  <apachelogger> bug 881541
  <ubottu> Launchpad bug 881541 in update-manager (Ubuntu) "DistUpgrade/DistUpgradeViewKDE.py uses mktemp -- which is insecure" [Medium,Fix released] https://launchpad.net/bugs/881541
  <apachelogger> http://docs.python.org/library/tempfile.html
  <apachelogger> mkstemp() returns a tuple containing an OS-level handle to an open file (as would be returned by os.open()) and the absolute pathname of that file, in that order.
  <apachelogger>             shutil.copy(os.environ['XAUTHORITY'], copyXauth)
  <apachelogger> I am the tuple in your string <3

       print os.environ['XAUTHORITY'] => /tmp/kde-me/xauth-1000-_0
       print copyXauth => (13, '/tmp/adeptTXo9jf')

  Also: http://docs.python.org/library/shutil.html
  shutil.copy(src, dst)
  Copy the file src to the file or directory dst. If dst is a directory, a file with the same basename as src is created (or overwritten) in the directory specified. Permission bits are copied. src and dst are path names given as strings.
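
Added example, not part of the bug report or of update-manager's code, and written for Python 3 rather than the Python 2 of the report: the first function reproduces the tuple-as-path failure quoted above, and the second unpacks the (fd, path) pair from mkstemp() and copies through the open descriptor. The function names and the idea of passing the environment in as a dict are assumptions made for illustration.

```python
import os
import shutil
import tempfile


def tuple_as_path_fails(src):
    """Reproduce the regression: pass mkstemp()'s whole return value as dst."""
    result = tempfile.mkstemp("", "adept")   # (fd, path), not a path string
    try:
        shutil.copy(src, result)
    except TypeError:
        return True                          # same class of error as the report
    finally:
        os.close(result[0])
        os.unlink(result[1])
    return False


def private_xauth_copy(environ):
    """Copy environ['XAUTHORITY'] into a fresh private file and repoint environ.

    Returns the new path, or None when XAUTHORITY is unset.
    """
    src = environ.get("XAUTHORITY")
    if not src:
        return None
    # mkstemp() creates the file with O_EXCL and mode 0600 and hands back an
    # open descriptor, which is what removes the mktemp() race.
    fd, path = tempfile.mkstemp("", "adept")
    try:
        # Write through the descriptor already held; the name is never reopened.
        with os.fdopen(fd, "wb") as dst, open(src, "rb") as srcf:
            shutil.copyfileobj(srcf, dst)
    except Exception:
        os.unlink(path)
        raise
    environ["XAUTHORITY"] = path
    return path
```

Copying with shutil.copyfileobj also avoids shutil.copy's "permission bits are copied" behaviour, so the copy keeps the 0600 mode mkstemp() gave it even if the source file was more permissive.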
