CVE-2015-1341
Publication date 27 October 2015
Last updated 25 August 2025
Ubuntu priority
Description
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| apport | ||
| 16.04 LTS xenial |
Fixed 2.19.2-0ubuntu1
|
|
| 14.04 LTS trusty |
Fixed 2.14.1-0ubuntu3.18
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.8 · High
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-2782-1
- Apport vulnerability
- 27 October 2015