This bug was fixed in the package apport - 2.19.2-0ubuntu1
---------------
apport (2.19.2-0ubuntu1) xenial; urgency=medium
* New upstream release. Changes since previous snapshot:
- SECURITY FIX: When determining the path of a Python module for a program
like "python -m module_name", avoid actually importing and running the
module; this could lead to local root privilege escalation. Thanks to
Gabriel Campana for discovering this and the fix!
(CVE-2015-1341, LP: #1507480)
- test_backend_apt_dpkg.py: Reset internal apt caches between tests.
Avoids random test failures due to leaking paths from previous test
cases.
* debian/control: Adjust Vcs-Bzr: for xenial branch.
* debian/control: Drop obsolete XS-Testsuite: header.
-- Martin Pitt <[email protected]> Tue, 27 Oct 2015 14:33:28
+0100
** Changed in: apport (Ubuntu Xenial)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1507480
Title:
Privilege escalation through Python module imports
To manage notifications about this bug go to:
https://bugs.launchpad.net/apport/+bug/1507480/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
