UBUNTU-CVE-2016-1579

Source
https://ubuntu.com/security/CVE-2016-1579
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-1579.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-1579
Upstream
  • CVE-2016-1579
Published
2019-04-22T16:29:00Z
Modified
2026-04-22T10:31:16.527244Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • 6.7 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
  • Ubuntu - medium
Summary
[none]
Details

UDM provides support for running commands after a download is completed; this is currently used for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1, any confined application could use the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user.

References

Affected packages

Ubuntu:16.04:LTS / ubuntu-download-manager

Package

Name
ubuntu-download-manager
Purl
pkg:deb/ubuntu/ubuntu-download-manager@1.2+16.04.20160408-0ubuntu1?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2+16.04.20160408-0ubuntu1

Affected versions

1.*
1.0+15.10.20150724-0ubuntu2~ppa2
1.2+16.04.20151216.2-0ubuntu1
1.2+16.04.20151223.1-0ubuntu1
1.2+16.04.20160112.2-0ubuntu1
1.2+16.04.20160211-0ubuntu1
1.2+16.04.20160308-0ubuntu1
1.2+16.04.20160317-0ubuntu1
1.2+16.04.20160322-0ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1.2+16.04.20160408-0ubuntu1",
            "binary_name": "libubuntu-download-manager-client1"
        },
        {
            "binary_version": "1.2+16.04.20160408-0ubuntu1",
            "binary_name": "libubuntu-download-manager-common1"
        },
        {
            "binary_version": "1.2+16.04.20160408-0ubuntu1",
            "binary_name": "libubuntu-upload-manager-common1"
        },
        {
            "binary_version": "1.2+16.04.20160408-0ubuntu1",
            "binary_name": "libudm-common1"
        },
        {
            "binary_version": "1.2+16.04.20160408-0ubuntu1",
            "binary_name": "libudm-priv-common1"
        },
        {
            "binary_version": "1.2+16.04.20160408-0ubuntu1",
            "binary_name": "qtdeclarative5-ubuntu-download-manager0.1"
        },
        {
            "binary_version": "1.2+16.04.20160408-0ubuntu1",
            "binary_name": "ubuntu-download-manager"
        },
        {
            "binary_version": "1.2+16.04.20160408-0ubuntu1",
            "binary_name": "ubuntu-upload-manager"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-1579.json"