View Full Version : USN-572-1: apt-listchanges vulnerability

January 19th, 2008, 12:40 AM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-572-1 January 18, 2008apt-listchanges vulnerabilityCVE-2008-0302============================================== =============A security issue affects the following Ubuntu releases:Ubuntu 7.04Ubuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 7.04: apt-listchanges 2.72ubuntu6.1Ubuntu 7.10: apt-listchanges 2.74ubuntu3.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Felipe Sateler discovered that apt-listchanges did not use safe paths whenimporting additional Python libraries. A local attacker could exploitthis and execute arbitrary commands as the user running apt-listchanges.

More... (http://www.ubuntu.com/usn/usn-572-1)