Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-572-1: apt-listchanges vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-572-1: apt-listchanges vulnerability
# 1  
Old 01-18-2008
USN-572-1: apt-listchanges vulnerability
Referenced CVEs:
CVE-2008-0302


Description:
=========================================================== Ubuntu Security Notice USN-572-1 January 18, 2008 apt-listchanges vulnerability CVE-2008-0302 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.04: apt-listchanges 2.72ubuntu6.1 Ubuntu 7.10: apt-listchanges 2.74ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Felipe Sateler discovered that apt-listchanges did not use safe paths when importing additional Python libraries. A local attacker could exploit this and execute arbitrary commands as the user running apt-listchanges.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT LINUX

apt

apt(8)							      System Manager's Manual							    apt(8)

NAME

       apt - Advanced Package Tool

SYNOPSIS

       apt

DESCRIPTION

       APT  is	a management system for software packages. For normal day to day package management there are several frontends available, such as
       aptitude(8) for the command line or synaptic(8) for the X Window System. Some options are only implemented in apt-get(8) though.

SEE ALSO

       apt-cache(8), apt-get(8), apt.conf(5), sources.list(5), apt_preferences(5), apt-secure(8)

DIAGNOSTICS

       apt returns zero on normal operation, decimal 100 on error.

BUGS

       This manpage isn't even started.

       See <http://bugs.debian.org/apt>.  If you wish to report a bug in apt, please see /usr/share/doc/debian/bug-reporting.txt  or  the  report-
       bug(1) command.

AUTHOR

       apt was written by the APT team <apt@packages.debian.org>.

Debian GNU/Linux						   16 June 1998 							    apt(8)