[USN-2956-1] ubuntu-core-launcher vulnerability
jamie at canonical.com
Fri Apr 29 17:35:22 UTC 2016
Ubuntu Security Notice USN-2956-1
April 29, 2016

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

ubuntu-core-launcher did not properly isolate snaps from one another.

- ubuntu-core-launcher: Snap application launcher

Zygmunt Krynicki discovered that ubuntu-core-launcher did not properly
sanitize its input and contained a logic error when determining the
mountpoint of bind mounts when using snaps on Ubuntu classic systems (e.g.,
traditional desktop and server). If a user were tricked into installing a
malicious snap with a crafted snap name, an attacker could perform a
delayed attack to steal data or execute code within the security context of
another snap. This issue did not affect Ubuntu Core systems.

The problem can be corrected by updating your system to the following
Ubuntu 16.04 LTS:

In general, a standard system update will make all the necessary changes.
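
The notice traces the issue to an unsanitized snap name feeding into a mount point decision. As an added illustration (not code from ubuntu-core-launcher or from this notice), the C below checks a name against a strict allowlist before it is ever joined into a path; the function names, the 40-character limit and the allowlist itself are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define SNAP_NAME_MAX 40  /* assumed limit for this example */

/* Return 1 if name uses only [a-z0-9] with single interior hyphens and
 * contains at least one letter; 0 otherwise. Everything else, including
 * '/', '.', '_', whitespace and uppercase, is rejected outright. */
int snap_name_is_valid(const char *name)
{
    size_t len, i;
    int has_letter = 0;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > SNAP_NAME_MAX)
        return 0;
    if (name[0] == '-' || name[len - 1] == '-')
        return 0;
    for (i = 0; i < len; i++) {
        char c = name[i];
        if (c >= 'a' && c <= 'z')
            has_letter = 1;
        else if (c == '-' && name[i + 1] == '-')
            return 0;               /* no consecutive hyphens */
        else if (c != '-' && !(c >= '0' && c <= '9'))
            return 0;               /* outside the allowlist */
    }
    return has_letter;
}

/* Build "<base>/<name>" only for a validated name (hypothetical helper).
 * Returns 0 on success, -1 if the name is invalid or out is too small. */
int snap_mount_dir(char *out, size_t outlen, const char *base, const char *name)
{
    int n;

    if (out == NULL || outlen == 0 || base == NULL || !snap_name_is_valid(name))
        return -1;
    n = snprintf(out, outlen, "%s/%s", base, name);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';              /* never leave a truncated path behind */
        return -1;
    }
    return 0;
}
```

Validating before composing the path means a rejected name never reaches the code that chooses a bind mount target, and a truncated path is treated as an error rather than used.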