CVE-2015-1541

Publication date 1 October 2015

Last updated 24 July 2024

Ubuntu priority

Description

The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
android	15.10 wily	Ignored end of life
	15.04 vivid	Ignored end of life
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not in release

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

need to check if used

References

MITRE
NVD
Launchpad
Debian

Other references

https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ
https://android.googlesource.com/platform/frameworks/base/+/0b98d304c467184602b4c6bce76fda0b0274bc07
https://www.cve.org/CVERecord?id=CVE-2015-1541