14 DAY TRIAL // On March 13, Canonical published in a security notice details about an APT vulnerability for its Ubuntu 12.10 (Quantal Quetzal), Ubuntu 12.04 (Precise Pangolin), and Ubuntu 11.10 (Oneiric Ocelot) operating systems.
According to Canonical, an attacker could trick APT into installing altered packages.
Ansgar Burchardt discovered that APT incorrectly handled repositories that use InRelease files. The default Ubuntu repositories do not use InRelease files, so this issue only affected third-party repositories.
If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.
For a more detailed description of the security problems, you can visit Canonical's security notification.
Users can simply fix the security flaws by upgrading the operating systems to the latest apt package, specific to each distribution.
A normal system update, executed with the Update Manager, will implement all the necessary changes. A complete system restart is not necessary.