CVE-2015-1341
Publication date 27 October 2015
Last updated 24 July 2024
Ubuntu priority
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| apport | ||
| 16.04 LTS xenial |
Fixed 2.19.2-0ubuntu1
|
|
| 14.04 LTS trusty |
Fixed 2.14.1-0ubuntu3.18
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.8 · High
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-2782-1
- Apport vulnerability
- 27 October 2015