=========================================================== Ubuntu Security Notice USN-572-1 January 18, 2008 apt-listchanges vulnerability CVE-2008-0302 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.04: apt-listchanges 2.72ubuntu6.1 Ubuntu 7.10: apt-listchanges 2.74ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Felipe Sateler discovered that apt-listchanges did not use safe paths when importing additional Python libraries. A local attacker could exploit this and execute arbitrary commands as the user running apt-listchanges. Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apt-listchanges/apt-listchanges_2.72ubuntu6.1.dsc Size/MD5: 735 375004d6b85120036f9759a4ee1e6eef http://security.ubuntu.com/ubuntu/pool/main/a/apt-listchanges/apt-listchanges_2.72ubuntu6.1.tar.gz Size/MD5: 90531 deb56e612e9dec768e7772a331e5a3f5 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apt-listchanges/apt-listchanges_2.72ubuntu6.1_all.deb Size/MD5: 52192 293d39e51c189423d75a4decaba1d749 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apt-listchanges/apt-listchanges_2.74ubuntu3.1.dsc Size/MD5: 736 7dd8d7f136095b687a3860c0bf2dbe0b http://security.ubuntu.com/ubuntu/pool/main/a/apt-listchanges/apt-listchanges_2.74ubuntu3.1.tar.gz Size/MD5: 877382 1fdce15a1ae42035ae6fe38f060e0dca Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apt-listchanges/apt-listchanges_2.74ubuntu3.1_all.deb Size/MD5: 56816 e6b68b2e1eafda2f71f20c1aea22584b
Attachment:
signature.asc
Description: Digital signature