Ubuntu alert USN-1662-1 (apt)

From:
    	       Marc Deslauriers <marc.deslauriers@canonical.com> 
To:
    	       ubuntu-security-announce@lists.ubuntu.com 
Subject:
    	       [USN-1662-1] APT vulnerability 
Date:
    	       Wed, 12 Dec 2012 14:42:32 -0500
Message-ID:
    	       <50C8DE28.9080007@canonical.com>

==========================================================================
Ubuntu Security Notice USN-1662-1
December 12, 2012

apt vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10

Summary:

APT could expose sensitive information.

Software Description:
- apt: Advanced front-end for dpkg

Details:

It was discovered that APT set inappropriate permissions on the term.log
file. A local attacker could use this flaw to possibly obtain sensitive
information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
  apt                             0.9.7.5ubuntu5.2

Ubuntu 12.04 LTS:
  apt                             0.8.16~exp12ubuntu10.7

Ubuntu 11.10:
  apt                             0.8.16~exp5ubuntu13.6

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1662-1
  CVE-2012-0961

Package Information:
  https://launchpad.net/ubuntu/+source/apt/0.9.7.5ubuntu5.2
  https://launchpad.net/ubuntu/+source/apt/0.8.16~exp12ubun...
  https://launchpad.net/ubuntu/+source/apt/0.8.16~exp5ubunt...

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...

From:		Marc Deslauriers <marc.deslauriers@canonical.com>
To:		ubuntu-security-announce@lists.ubuntu.com
Subject:		[USN-1662-1] APT vulnerability
Date:		Wed, 12 Dec 2012 14:42:32 -0500
Message-ID:		<50C8DE28.9080007@canonical.com>