[Android-tools-devel] Bug#806375: Debian not affected
Hans-Christoph Steiner
hans at eds.org
Fri Nov 27 11:31:31 UTC 2015
These bugs do not really affect Debian because libutils is not included
in any process that runs with elevated privileges nor any process that
is connected to the network by default. On Android, libutils is used in
'system' level processes (basically like setuid root).
libutils is only used in the Android SDK tools in Debian. So if someone
processed images or audio files with the Android SDK, it might be
vulnerable, but that means the attacker already has user access. The
exploit would let a build script run arbitrary commands via an
image/sound/video file planted in the build. If an attacker can plant
an image/sound/video file, they might as well just plant code, so not
really a useful exploit.
In any case, it will be fixed with the upcoming upload.
.hc
More information about the Android-tools-devel
mailing list