Ubuntu Security Notice USN-526-1
4th October, 2007
debian-goodies vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 7.04
- Ubuntu 6.10
- Ubuntu 6.06 LTS
Software description
- debian-goodies
Details
Thomas de Grenier de Latour discovered that the checkrestart program included
in debian-goodies did not correctly handle shell meta-characters. A local
attacker could exploit this to gain the privileges of the user running
checkrestart.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 7.04:
- debian-goodies 0.27ubuntu0.1
- Ubuntu 6.10:
- debian-goodies 0.23ubuntu0.6.10.1
- Ubuntu 6.06 LTS:
- debian-goodies 0.23ubuntu0.6.06.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.