Published: 08 October 2014
The changelog command in Apt before 126.96.36.199 allows local users to write to arbitrary files via a symlink attack on the changelog file.
Launchpad, Ubuntu, Debian
|Ubuntu 14.04 ESM (Trusty Tahr)||
|This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu. This vulnerability is mitigated in part by the use of hardlink restrictions in Ubuntu.|
mitigated by symlink restrictions