This bug was fixed in the package ubuntu-kylin-software-center - 4.5.77.1ubuntu0.1

---------------
ubuntu-kylin-software-center (4.5.77.1ubuntu0.1) resolute-security; urgency=low

  [ Pan Zhang ]
  * SECURITY UPDATE: root privilege escalation via command injection in
    D-Bus method copy_file_to_install (LP: #2154543)
    - kylin_software_center_daemon/apt_dbus_service.py: add signature
      verification to copy_file_to_install D-Bus method to prevent
      unprivileged users from exploiting command injection in os.system()
      to gain root privileges.
    - service/dbus_service.py: pass signature data when calling
      copy_file_to_install via D-Bus interface.

 -- zhangpan <[email protected]>  Tue, 09 Jun 2026 11:16:31 +0800

** Changed in: ubuntu-kylin-software-center (Ubuntu Resolute)
Status: Fix Committed => Fix Released
--
https://bugs.launchpad.net/bugs/2154543
Title:
[Security] ubuntu-kylin-software-center: root privilege escalation via
command injection in D-Bus method copy_file_to_install
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs