============================================================================
Ubuntu Security Notice USN-2771-1
October 15, 2015

click vulnerability
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.04
- Ubuntu 14.04 LTS

Summary:

Click could be made to allow malicious apps unintended access to the
system.

Software Description:
- click: Click package manager

Details:

It was discovered that click did not properly perform input sanitization
during click package installation. If a user were tricked into installing a
crafted click package, a remote attacker could exploit this to escalate
privileges by tricking click into installing lenient security policy for
the installed application.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  python3-click                   0.4.38.5ubuntu0.2

Ubuntu 14.04 LTS:
  python3-click                   0.4.21.1ubuntu0.2

In general, a standard system update will make all the necessary changes. A
corresponding update will be provided to Ubuntu Phone users soon.

For more information, please see:
https://insights.ubuntu.com/2015/10/15/update-on-ubuntu-phone-security-issue/

References:
  http://www.ubuntu.com/usn/usn-2771-1
  https://launchpad.net/bugs/1506467

Package Information:
  https://launchpad.net/ubuntu/+source/click/0.4.38.5ubuntu0.2
  https://launchpad.net/ubuntu/+source/click/0.4.21.1ubuntu0.2