CVE-2015-5652

Published: 06 October 2015

Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point."

Priority

Low

Status

Package Release Status
python2.7
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(Windows only)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(Windows only)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(Windows only)
python3.2
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

python3.4
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(Windows only)
python3.5
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(Windows only)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(Windows only)