CVE-2014-7206

Publication date 8 October 2014

Last updated 24 July 2024

Ubuntu priority

Why this priority?

The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
apt	14.04 LTS trusty	Fixed 1.0.1ubuntu2.5
	12.04 LTS precise	Fixed 0.8.16~exp12ubuntu10.21
	10.04 LTS lucid	Not affected

Notes

mdeslaur

mitigated by symlink restrictions

References

Related Ubuntu Security Notices (USN)

USN-2370-1
APT vulnerability
8 October 2014

Other references

https://www.cve.org/CVERecord?id=CVE-2014-7206