Ubuntu Security Notice USN-2370-1
8th October, 2014
apt vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
APT could be made to overwrite files.
Software description
- apt
– Advanced front-end for dpkg
Details
Guillem Jover discovered that APT incorrectly created a temporary file when
handling the changelog command. A local attacker could use this issue to
overwrite arbitrary files. In the default installation of Ubuntu, this
should be prevented by the kernel link restrictions.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.04 LTS:
-
apt
1.0.1ubuntu2.5
- Ubuntu 12.04 LTS:
-
apt
0.8.16~exp12ubuntu10.21
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.