You are here
Home > Preporuke > Ranjivost programskog paketa click

Ranjivost programskog paketa click

==========================================================================
Ubuntu Security Notice USN-2771-1
October 15, 2015

click vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 15.04
– Ubuntu 14.04 LTS

Summary:

Click could be made to allow malicious apps unintended access to the
system.

Software Description:
– click: Click package manager

Details:

It was discovered that click did not properly perform input sanitization
during click package installation. If a user were tricked into installing a
crafted click package, a remote attacker could exploit this to escalate
privileges by tricking click into installing lenient security policy for
the installed application.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
python3-click 0.4.38.5ubuntu0.2

Ubuntu 14.04 LTS:
python3-click 0.4.21.1ubuntu0.2

In general, a standard system update will make all the necessary changes. A
corresponding update will be provided to Ubuntu Phone users soon.

For more information, please see:
https://insights.ubuntu.com/2015/10/15/update-on-ubuntu-phone-security-issue/

References:
http://www.ubuntu.com/usn/usn-2771-1
https://launchpad.net/bugs/1506467

Package Information:
https://launchpad.net/ubuntu/+source/click/0.4.38.5ubuntu0.2
https://launchpad.net/ubuntu/+source/click/0.4.21.1ubuntu0.2

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJWIAjIAAoJEFHb3FjMVZVzDLAQAIJaemjMk3jUXIykuTOpeyr1
YR4PLL9K/EH12PJYbwR43nEP9H0S8NArsoFPAlWw3uzQljZVamQR1FipF+M2Tn/2
Ovj+OvF5rzPS9bigZx8OkJX+Q/qy1r3JZdNw0cSG3dAi3IKlw21Siwia9JNjaT95
mB2fGyWjpAXHfTQzdmT5z22+tFaxIhABjyC8MlUItPj1ETfbQBIifqhGT2vxrby6
cXVK30KkdC9uWOdAbSgiIuytrJqAt8Y66090TOCVK/Su6DNYEcKMD4bo+mXIu7Ek
MHPChoKWlFMHTBKomxRWeF+B8HRFGrWLmHCuMAO1gYH22cH2SkK7Sec0Jg60V+es
ENcVmyW7ep14mAOPhA2VRzs+T/x8E/y/CAic67+RmkXCNZiRVZa7PqHttDa7Gf7A
GKLX7TaHa2sWZvYr4YCSq8faEpqo6RzRPgu69vXqjYTCL8388ilLwnGkODoVS8Hd
WazihCMSJjmczAoOXadj+Upznd9H2fIYLO470HqR0xXltv6+8E5/mkdG2XGOOH+z
F++nGf6W8C/t/DIQNpfmXK0KVCMEknAsVEf/WOm8bYms9PZ9muVJOUgJjYX4Ds9H
ygxJjlUlsgIALuuqLfzeGv3Yb7yybBZVMOQdsIwm2bVwVJ4VHPaBfafJeNgjqVZF
+gllcAn1Kbb9RL6cpgQ7
=a5qx
—–END PGP SIGNATURE—–

Top
More in Preporuke
Ranjivosti programskog paketa Apache

Otkriveno je nekoliko ranjivosti u programskom paketu Apache za HP-UX. Otkrivene ranjivosti udaljenim napadačima omogućuju zaobilaženje pristupnih ograničenja, neautorizirane izmjene,...

Close