{"id":"USN-3623-1","summary":"ubuntu-release-upgrader vulnerability","details":"It was discovered that ubuntu-release-upgrader did not correctly drop\npermissions before opening a browser to view the release notes. This update\nfixes the issue.\n","modified":"2026-02-10T04:41:19Z","published":"2018-04-09T16:50:18Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3623-1"},{"type":"REPORT","url":"https://launchpad.net/bugs/1174007"}],"affected":[{"package":{"name":"ubuntu-release-upgrader","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/ubuntu-release-upgrader@1:0.220.10?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:0.220.10"}]}],"versions":["1:0.205","1:0.206","1:0.207","1:0.208","1:0.209","1:0.210","1:0.211","1:0.212","1:0.213","1:0.214","1:0.215","1:0.216","1:0.216.1","1:0.217","1:0.218","1:0.219","1:0.219.1","1:0.219.2","1:0.219.3","1:0.219.4","1:0.220","1:0.220.1","1:0.220.2","1:0.220.4","1:0.220.5","1:0.220.6","1:0.220.7","1:0.220.8","1:0.220.9"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1:0.220.10","binary_name":"python3-distupgrade"},{"binary_version":"1:0.220.10","binary_name":"ubuntu-release-upgrader-core"},{"binary_version":"1:0.220.10","binary_name":"ubuntu-release-upgrader-gtk"},{"binary_version":"1:0.220.10","binary_name":"ubuntu-release-upgrader-qt"}]},"database_specific":{"cves_map":{"cves":[],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3623-1.json"}},{"package":{"name":"ubuntu-release-upgrader","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/ubuntu-release-upgrader@1:16.04.25?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:16.04.25"}]}],"versions":["1:15.10.13","1:16.04.1","1:16.04.2","1:16.04.3","1:16.04.4","1:16.04.6","1:16.04.7","1:16.04.8","1:16.04.10","1:16.04.11","1:16.04.12","1:16.04.14","1:16.04.15","1:16.04.16","1:16.04.17","1:16.04.18","1:16.04.19","1:16.04.20","1:16.04.21","1:16.04.22","1:16.04.23","1:16.04.24"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1:16.04.25","binary_name":"python3-distupgrade"},{"binary_version":"1:16.04.25","binary_name":"ubuntu-release-upgrader-core"},{"binary_version":"1:16.04.25","binary_name":"ubuntu-release-upgrader-gtk"},{"binary_version":"1:16.04.25","binary_name":"ubuntu-release-upgrader-qt"}]},"database_specific":{"cves_map":{"cves":[],"ecosystem":"Ubuntu:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3623-1.json"}}],"schema_version":"1.7.3"}