Ryan Beisner discovered juju did not set permissions on a Unix domain socket. A local attacker could use this flaw to gain administrative privileges.
{ "availability": "No subscription required", "binaries": [ { "juju-core": "1.25.6-0ubuntu1.14.04.2", "juju": "1.25.6-0ubuntu1.14.04.2", "juju-local": "1.25.6-0ubuntu1.14.04.2", "juju-local-kvm": "1.25.6-0ubuntu1.14.04.2" } ] }
{ "availability": "No subscription required", "binaries": [ { "juju": "2.0.2-0ubuntu0.16.04.2", "juju-2.0": "2.0.2-0ubuntu0.16.04.2", "juju-2.0-dbgsym": "2.0.2-0ubuntu0.16.04.2" } ] }