USN-2956-1: ubuntu-core-launcher vulnerability

USN-2956-1: ubuntu-core-launcher vulnerability

Ubuntu Security Notice USN-2956-1

29th April, 2016

ubuntu-core-launcher vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS

Summary

ubuntu-core-launcher did not properly isolate snaps from one another.

Software description

  • ubuntu-core-launcher
    – Snap application launcher

Details

Zygmunt Krynicki discovered that ubuntu-core-launcher did not properly
sanitize its input and contained a logic error when determining the
mountpoint of bind mounts when using snaps on traditional Ubuntu systems
(eg, desktop and server). If a user were tricked into installing a
malicious snap with a crafted snap name, an attacker could perform a
delayed attack to steal data or execute code within the security context of
another snap. This issue did not affect Ubuntu Core systems.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
ubuntu-core-launcher

1.0.27.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-1580

Source: USN-2956-1: ubuntu-core-launcher vulnerability

About KENNETH 14716 Articles
지락문화예술공작단

Be the first to comment

Leave a Reply

Your email address will not be published.


*


이 사이트는 스팸을 줄이는 아키스밋을 사용합니다. 댓글이 어떻게 처리되는지 알아보십시오.