Launchpad CVE tracker

CVE 2015-1322

Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts).

Related bugs and status

CVE-2015-1322 (Candidate) is related to these bugs:

Bug #1449245: com.canonical.NMOfono.ReadImsiContexts privilege escalation

		In	Importance	Status
1449245	com.canonical.NMOfono.ReadImsiContexts privilege escalation	network-manager (Ubuntu)	Undecided	Fix Released
1449245	com.canonical.NMOfono.ReadImsiContexts privilege escalation	network-manager (Ubuntu Trusty)	Undecided	Fix Released
1449245	com.canonical.NMOfono.ReadImsiContexts privilege escalation	network-manager (Ubuntu Vivid)	Undecided	Fix Released
1449245	com.canonical.NMOfono.ReadImsiContexts privilege escalation	network-manager (Ubuntu Utopic)	Undecided	Fix Released

Bug #1480877: Access points' "PropertiesChanged" dbus signals freeze UI on mobile devices

		In	Importance	Status
1480877	Access points' "PropertiesChanged" dbus signals freeze UI on mobile devices	network-manager (Ubuntu)	High	Incomplete
1480877	Access points' "PropertiesChanged" dbus signals freeze UI on mobile devices	Canonical System Image	High	Fix Released
1480877	Access points' "PropertiesChanged" dbus signals freeze UI on mobile devices	network-manager (Ubuntu RTM)	High	Incomplete
1480877	Access points' "PropertiesChanged" dbus signals freeze UI on mobile devices	location-service (Ubuntu RTM)	High	Fix Released
1480877	Access points' "PropertiesChanged" dbus signals freeze UI on mobile devices	qtbase-opensource-src (Ubuntu)	High	Fix Released
1480877	Access points' "PropertiesChanged" dbus signals freeze UI on mobile devices	unity8 (Ubuntu)	Undecided	Confirmed
1480877	Access points' "PropertiesChanged" dbus signals freeze UI on mobile devices	dbus-cpp (Ubuntu)	High	Fix Released
1480877	Access points' "PropertiesChanged" dbus signals freeze UI on mobile devices	dbus-cpp (Ubuntu RTM)	Undecided	Fix Released
1480877	Access points' "PropertiesChanged" dbus signals freeze UI on mobile devices	qtbase-opensource-src (Ubuntu RTM)	High	Fix Released

Bug #1496434: network-manager crash on boot on krillin/devel-proposed

Summary				In	Importance	Status
	1496434	network-manager crash on boot on krillin/devel-proposed		network-manager (Ubuntu)	Critical	Fix Released

Bug #1499904: loads duplicated symbols from NMSettings

Summary				In	Importance	Status
	1499904	loads duplicated symbols from NMSettings		network-manager (Ubuntu)	Critical	Fix Released

Bug #1499906: NM crashes when restarted on arale

Summary				In	Importance	Status
	1499906	NM crashes when restarted on arale		network-manager (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-1322

References