Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-1579

UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1 any confined application could make use of the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user.

Related bugs and status

CVE-2016-1579 (Candidate) is related to these bugs:

Bug #1567960: UDM doesn't check for confinement before running post-processing commands

Summary				In	Importance	Status
	1567960	UDM doesn't check for confinement before running post-processing commands		ubuntu-download-manager	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bazaar.launchp...