[USN-2771-1] Click vulnerability

2015-10-19T00:00:00
ID SECURITYVULNS:DOC:32560
Type securityvulns
Reporter Securityvulns
Modified 2015-10-19T00:00:00

Description

========================================================================== Ubuntu Security Notice USN-2771-1 October 15, 2015

click vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS

Summary:

Click could be made to allow malicious apps unintended access to the system.

Software Description: - click: Click package manager

Details:

It was discovered that click did not properly perform input sanitization during click package installation. If a user were tricked into installing a crafted click package, a remote attacker could exploit this to escalate privileges by tricking click into installing lenient security policy for the installed application.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04: python3-click 0.4.38.5ubuntu0.2

Ubuntu 14.04 LTS: python3-click 0.4.21.1ubuntu0.2

In general, a standard system update will make all the necessary changes. A corresponding update will be provided to Ubuntu Phone users soon.

For more information, please see: https://insights.ubuntu.com/2015/10/15/update-on-ubuntu-phone-security-issue/

References: http://www.ubuntu.com/usn/usn-2771-1 https://launchpad.net/bugs/1506467

Package Information: https://launchpad.net/ubuntu/+source/click/0.4.38.5ubuntu0.2 https://launchpad.net/ubuntu/+source/click/0.4.21.1ubuntu0.2

-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce