Launchpad.net

CVE 2015-1341

Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.

Related bugs and status

CVE-2015-1341 (Candidate) is related to these bugs:

Bug #1500450: /usr/share/apport/package_hook:FileExistsError:/usr/share/apport/package_hook@64:make_report_file

		In	Importance	Status
1500450	/usr/share/apport/package_hook:FileExistsError:/usr/share/apport/package_hook@64:make_report_file	apport (Ubuntu)	Low	Fix Released
1500450	/usr/share/apport/package_hook:FileExistsError:/usr/share/apport/package_hook@64:make_report_file	apport (Ubuntu Precise)	Medium	Fix Released
1500450	/usr/share/apport/package_hook:FileExistsError:/usr/share/apport/package_hook@64:make_report_file	apport (Ubuntu Vivid)	High	Fix Released
1500450	/usr/share/apport/package_hook:FileExistsError:/usr/share/apport/package_hook@64:make_report_file	apport (Ubuntu Trusty)	High	Fix Released

Bug #1507480: Privilege escalation through Python module imports

		In	Importance	Status
1507480	Privilege escalation through Python module imports	apport (Ubuntu)	High	Fix Released
1507480	Privilege escalation through Python module imports	Apport	High	Fix Released
1507480	Privilege escalation through Python module imports	apport (Ubuntu Wily)	High	Fix Released
1507480	Privilege escalation through Python module imports	apport (Ubuntu Trusty)	High	Fix Released
1507480	Privilege escalation through Python module imports	apport (Ubuntu Precise)	High	Fix Released
1507480	Privilege escalation through Python module imports	apport (Ubuntu Vivid)	High	Fix Released
1507480	Privilege escalation through Python module imports	apport (Ubuntu Xenial)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://launchpad.net/...
MISC: https://usn.ubuntu.com...