APT vulnerability

2014-10-0800:00:00

ubuntu.com

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.2%

JSON

Releases

Ubuntu 14.04 ESM
Ubuntu 12.04

Packages

apt - Advanced front-end for dpkg

Details

Guillem Jover discovered that APT incorrectly created a temporary file when
handling the changelog command. A local attacker could use this issue to
overwrite arbitrary files. In the default installation of Ubuntu, this
should be prevented by the kernel link restrictions.

OSVersionArchitecturePackageVersionFilename
Ubuntu14.04noarchapt< 1.0.1ubuntu2.5UNKNOWN
Ubuntu14.04noarchapt-transport-https< 1.0.1ubuntu2.5UNKNOWN
Ubuntu14.04noarchapt-utils< 1.0.1ubuntu2.5UNKNOWN
Ubuntu14.04noarchlibapt-inst1.5< 1.0.1ubuntu2.5UNKNOWN
Ubuntu14.04noarchlibapt-pkg-dev< 1.0.1ubuntu2.5UNKNOWN
Ubuntu14.04noarchlibapt-pkg4.12< 1.0.1ubuntu2.5UNKNOWN
Ubuntu12.04noarchapt< 0.8.16~exp12ubuntu10.21UNKNOWN
Ubuntu12.04noarchapt-transport-https< 0.8.16~exp12ubuntu10.21UNKNOWN
Ubuntu12.04noarchapt-utils< 0.8.16~exp12ubuntu10.21UNKNOWN
Ubuntu12.04noarchlibapt-inst1.4< 0.8.16~exp12ubuntu10.21UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	14.04	noarch	apt	< 1.0.1ubuntu2.5	UNKNOWN
Ubuntu	14.04	noarch	apt-transport-https	< 1.0.1ubuntu2.5	UNKNOWN
Ubuntu	14.04	noarch	apt-utils	< 1.0.1ubuntu2.5	UNKNOWN
Ubuntu	14.04	noarch	libapt-inst1.5	< 1.0.1ubuntu2.5	UNKNOWN
Ubuntu	14.04	noarch	libapt-pkg-dev	< 1.0.1ubuntu2.5	UNKNOWN
Ubuntu	14.04	noarch	libapt-pkg4.12	< 1.0.1ubuntu2.5	UNKNOWN
Ubuntu	12.04	noarch	apt	< 0.8.16~exp12ubuntu10.21	UNKNOWN
Ubuntu	12.04	noarch	apt-transport-https	< 0.8.16~exp12ubuntu10.21	UNKNOWN
Ubuntu	12.04	noarch	apt-utils	< 0.8.16~exp12ubuntu10.21	UNKNOWN
Ubuntu	12.04	noarch	libapt-inst1.4	< 0.8.16~exp12ubuntu10.21	UNKNOWN