CVE-2017-9232

Priority
High
Description
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX
domain socket without setting appropriate permissions, allowing privilege
escalation by users on the system to root.
References
Bugs
Assigned-to
sarnold
Package
Upstream:released (2.1.3, 2.0.4, 1.25.12)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1.25.6-0ubuntu1.14.04.2)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (2.0.2-0ubuntu0.16.04.2)
Ubuntu 17.04 (Zesty Zapus):released (2.0.2-0ubuntu2.1)
Package
Upstream:released (1.25.12)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (1.25.6-0ubuntu1.16.04.2)
Ubuntu 17.04 (Zesty Zapus):DNE
More Information

Updated: 2017-08-11 23:56:01 UTC (commit 13081)