Canonical Fixes Devscripts Vulnerabilities for Ubuntu

A simple system update should be enough to fix the problems

By on October 3rd, 2012 14:15 GMT

On October 2rd, in a security notice Canonical published details about devscripts vulnerabilities for its Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, and Ubuntu 10.04 LTS operating systems.

According to Canonical, several security issues were fixed in devscripts. It was discovered that devscripts tools incorrectly handled shell metacharacters, escaped arguments to external commands, performed input validation, and handled temporary files.

A local attacker could use this flaw to alter files, to execute arbitrary code, and to delete arbitrary files.

The security flaws can be fixed if you upgrade your system(s) to the latest devscripts package, specific to each operating system. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes. A system restart won't be necessary to implement the changes.

Comments