[USN-2771-1] Click vulnerability
Jamie Strandboge
jamie at canonical.com
Thu Oct 15 20:12:50 UTC 2015
==========================================================================
Ubuntu Security Notice USN-2771-1
October 15, 2015
click vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
Summary:
Click could be made to allow malicious apps unintended access to the
system.
Software Description:
- click: Click package manager
Details:
It was discovered that click did not properly perform input sanitization
during click package installation. If a user were tricked into installing a
crafted click package, a remote attacker could exploit this to escalate
privileges by tricking click into installing lenient security policy for
the installed application.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
python3-click 0.4.38.5ubuntu0.2
Ubuntu 14.04 LTS:
python3-click 0.4.21.1ubuntu0.2
In general, a standard system update will make all the necessary changes. A
corresponding update will be provided to Ubuntu Phone users soon.
For more information, please see:
https://insights.ubuntu.com/2015/10/15/update-on-ubuntu-phone-security-issue/
References:
http://www.ubuntu.com/usn/usn-2771-1
https://launchpad.net/bugs/1506467
Package Information:
https://launchpad.net/ubuntu/+source/click/0.4.38.5ubuntu0.2
https://launchpad.net/ubuntu/+source/click/0.4.21.1ubuntu0.2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20151015/ab51a2aa/attachment.sig>
More information about the ubuntu-security-announce
mailing list