Ubuntu update for apt-listchanges - Secunia Advisories - Vulnerability Intelligence

Ubuntu update for apt-listchanges
Secunia Advisory:	SA28574	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2008-01-21
Popularity:	2,629 views

Critical:	Not critical
Impact:	Privilege escalation
Where:	Local system
Solution Status:	Vendor Patch

OS:	Ubuntu Linux 7.04 Ubuntu Linux 7.10

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2008-0302

Description: Ubuntu has issued an update for apt-listchanges. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to apt-listchanges trying to import python libraries from potentially unsafe paths. This can be exploited to e.g. execute arbitrary python code with the root privileges if the root user executes the application in a directory with malicious content. Solution: Apply updated packages. -- Ubuntu 7.04 -- Source archives: http://security.ubuntu.com/ubuntu/poo...ges/apt-listchanges_2.72ubuntu6.1.dsc Size/MD5: 735 375004d6b85120036f9759a4ee1e6eef http://security.ubuntu.com/ubuntu/poo.../apt-listchanges_2.72ubuntu6.1.tar.gz Size/MD5: 90531 deb56e612e9dec768e7772a331e5a3f5 Architecture independent packages: http://security.ubuntu.com/ubuntu/poo...apt-listchanges_2.72ubuntu6.1_all.deb Size/MD5: 52192 293d39e51c189423d75a4decaba1d749 -- Ubuntu 7.10 -- Source archives: http://security.ubuntu.com/ubuntu/poo...ges/apt-listchanges_2.74ubuntu3.1.dsc Size/MD5: 736 7dd8d7f136095b687a3860c0bf2dbe0b http://security.ubuntu.com/ubuntu/poo.../apt-listchanges_2.74ubuntu3.1.tar.gz Size/MD5: 877382 1fdce15a1ae42035ae6fe38f060e0dca Architecture independent packages: http://security.ubuntu.com/ubuntu/poo...apt-listchanges_2.74ubuntu3.1_all.deb Size/MD5: 56816 e6b68b2e1eafda2f71f20c1aea22584b Original Advisory: https://lists.ubuntu.com/archives/ubu...ity-announce/2008-January/000658.html

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

Today

New advisories:	16
New vulnerabilities:	60
Updated advisories:	36

Moderately // 236 views

WordPress WP Comment Remix Plugin Multiple Vulnerabilities

Less // 203 views

Elxis mod_language.php Cross-Site Scripting Vulnerability

Moderately // 228 views

MyPHPDating "id" SQL Injection Vulnerability

Moderately // 281 views

BEA WebLogic Server Multiple Authorizers Security Bypass

Moderately // 243 views

BEA WebLogic Workshop NetUI Pageflow Information Disclosure Vulnerability

Moderately // 225 views

BEA WebLogic Workshop NetUI Tags Information Disclosure Vulnerability

Highly // 344 views

BEA WebLogic Server Multiple Vulnerabilities

Moderately // 385 views

Oracle Products Multiple Vulnerabilities

Moderately // 297 views

Webscene eCommerce "level" SQL Injection Vulnerability

Moderately // 417 views

Sun Solaris "sadmind" Buffer Overflow Vulnerability

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.