Ubuntu
android package

vulnerability in OTA signature check mechanism

Bug #1506887 reported by Ondrej Kubik
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
android (Ubuntu)
Fix Released
High
Ondrej Kubik

Bug Description

Cleverly constructed key signature tarball can bypass signature check.
If tarball contains symbolic link to the directory outside of the working folder followed then by file based on this symbolic link , tar will follow the link and creates new file outside of the working folder, which is not desired and can alter behaviour of the system.

Tyler Hicks (tyhicks)
Changed in android (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Ondrej Kubik (w-ondra)
Revision history for this message
Tyler Hicks (tyhicks) wrote :

Ondrej is preparing a workaround fix in our system-image-upgrader script.

However, the core issue lies in busybox's tar implementation. I've opened an upstream busybox bug for that issue:

  https://bugs.busybox.net/show_bug.cgi?id=8411

Revision history for this message
Simon Fels (morphis) wrote :

New release of the android package including this fix is now in progress at https://requests.ci-train.ubuntu.com/#/ticket/1081

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package android - 20160307-0742-0ubuntu3

---------------
android (20160307-0742-0ubuntu3) xenial; urgency=medium

  * Version bump for overcome burned version number in our
    landing ppa.

 -- Simon Fels <email address hidden> Mon, 07 Mar 2016 13:23:10 +0100

Changed in android (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.