USN-2370-1: APT vulnerability
08 October 2014
APT could be made to overwrite files.
- apt - Advanced front-end for dpkg
Guillem Jover discovered that APT incorrectly created a temporary file when
handling the changelog command. A local attacker could use this issue to
overwrite arbitrary files. In the default installation of Ubuntu, this
should be prevented by the kernel link restrictions.