Candidate: CVE-2015-5224
PublicDate: 2017-08-23 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5224
Description:
 The mkostemp function in login-utils in util-linux when used incorrectly
 allows remote attackers to cause file name collision and possibly other
 attacks.
Ubuntu-Description:
Notes:
 seth-arnold> wily and vivid are built with --disable-chfn-chsh which should
  disable the vulnerable code sections
 seth-arnold> precise and trusty did not appear to have the vulnerable functions
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_util-linux:
 upstream: https://github.com/karelzak/util-linux/commit/bde91c85bdc77975155058276f99d2e0f5eab5a9
upstream_util-linux: released (2.27-rc2)
precise_util-linux: not-affected (code not present)
trusty_util-linux: not-affected (code not present)
trusty/esm_util-linux: not-affected (code not present)
vivid_util-linux: not-affected
vivid/stable-phone-overlay_util-linux: not-affected
vivid/ubuntu-core_util-linux: not-affected
wily_util-linux: not-affected
devel_util-linux: not-affected