|Category:||Ubuntu Local Security Checks|
|Title:||Ubuntu Update for ubuntu-core-launcher USN-2956-1|
|Summary:||The remote host is missing an update for the 'ubuntu-core-launcher'; package(s) announced via the USN-2956-1 advisory.|
The remote host is missing an update for the 'ubuntu-core-launcher'
package(s) announced via the USN-2956-1 advisory.
Zygmunt Krynicki discovered that ubuntu-core-launcher did not properly
sanitize its input and contained a logic error when determining the
mountpoint of bind mounts when using snaps on Ubuntu classic systems (eg,
traditional desktop and server). If a user were tricked into installing a
malicious snap with a crafted snap name, an attacker could perform a
delayed attack to steal data or execute code within the security context of
another snap. This issue did not affect Ubuntu Core systems.
ubuntu-core-launcher on Ubuntu 16.04 LTS.
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2016-1580|
|Copyright||Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.