USN-572-1: apt-listchanges vulnerability

01-18-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-572-1: apt-listchanges vulnerability

Referenced CVEs:
CVE-2008-0302

Description:
=========================================================== Ubuntu Security Notice USN-572-1 January 18, 2008 apt-listchanges vulnerability CVE-2008-0302 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.04: apt-listchanges 2.72ubuntu6.1 Ubuntu 7.10: apt-listchanges 2.74ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Felipe Sateler discovered that apt-listchanges did not use safe paths when importing additional Python libraries. A local attacker could exploit this and execute arbitrary commands as the user running apt-listchanges.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

CRON-APT(8) System Manager's Manual CRON-APT(8) NAME
cron-apt -- program to update the system using apt-get SYNOPSIS
cron-apt [configfile] DESCRIPTION
This manual page documents briefly the cron-apt command. cron-apt is a program that uses the information in /etc/cron-apt/action.d/ as arguments to apt-get line by line in file order. OPTIONS
These programs follow the usual GNU command line syntax, with long options starting with two dashes (`-'). A summary of options is included below. For a complete description, see the Info files. --help Show summary of options. CONFIGURATION
Configuration can be done by editing /etc/cron-apt/config and by adding rules to /etc/cron-apt/action.d/ The variables that you can set in /etc/cron-apt/config is documented in the configuration example in /usr/share/doc/cron-apt/examples/config From version 0.5.0 the optional FILTERCTRLM attribute is deprecated. SEE ALSO
apt-get (1) aptitude (1) AUTHOR
This manual page was written by Ola Lundqvist ola@inguza.com for the Debian GNU/Linux system (but may be used by others). This manual is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. CRON-APT(8)

Security Advisories (RSS)

USN-572-1: apt-listchanges vulnerability

LEARN ABOUT DEBIAN

cron-apt