Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Ubuntu 15.04 USN-2618-1 Critical: Python-Dbusmock Arbitrary Code Threat

ubuntu
Calendar Grey May 21, 2015
Dist Ubuntu Esm H88
Ensure your Ubuntu installations are current to address the security vulnerability associated with python-dbusmock, which poses a risk of arbitrary code execution by local users.
python-dbusmock could be tricked into running arbitrary programs.

Summary

python-dbusmock could be tricked into running arbitrary programs.

Software Description:

- python-dbusmock: mock D-Bus objects for tests

Details:

It was discovered that python-dbusmock incorrectly handled template

loading from shared directories. A local attacker could possibly use this

issue to execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  python-dbusmock                 0.14-1ubuntu2
  python3-dbusmock                0.14-1ubuntu2

Ubuntu 14.10:
  python-dbusmock                 0.11.4-1ubuntu1
  python3-dbusmock                0.11.4-1ubuntu1

Ubuntu 14.04 LTS:
  python-dbusmock                 0.10.1-1ubuntu1
  python3-dbusmock                0.10.1-1ubuntu1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2618-1

CVE-2015-1326

Severity
critical
Lowest
Low
Medium
High
Critical

May 21, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.