---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Debian update for apt-listchanges SECUNIA ADVISORY ID: SA28513 VERIFY ADVISORY: http://secunia.com/advisories/28513/ CRITICAL: Not critical IMPACT: Privilege escalation WHERE: Local system OPERATING SYSTEM: Debian GNU/Linux 4.0 http://secunia.com/product/13844/ Debian GNU/Linux unstable alias sid http://secunia.com/product/530/ DESCRIPTION: Debian has issued an update for apt-listchanges. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to apt-listchanges trying to import python libraries from potentially unsafe paths. This can be exploited to e.g. execute arbitrary python code with the root privileges if the root user executes the application in a directory with malicious content. SOLUTION: Apply updated packages. -- Debian GNU/Linux 4.0 alias etch -- Source archives: http://security.debian.org/pool/updates/main/a/apt-listchanges/apt-listchanges_2.72.5etch2.tar.gz Size/MD5 checksum: 82907 2269a7d6e2bc1c964d214aa09696674f http://security.debian.org/pool/updates/main/a/apt-listchanges/apt-listchanges_2.72.5etch2.dsc Size/MD5 checksum: 665 3f7898a52530e876b443dd8984b58f98 Architecture independent packages: http://security.debian.org/pool/updates/main/a/apt-listchanges/apt-listchanges_2.72.5etch2_all.deb Size/MD5 checksum: 65308 323f63a82a48342fa5a2dbfd8c045c14 -- Debian GNU/Linux unstable alias sid -- Fixed in version 2.82. PROVIDED AND/OR DISCOVERED BY: Felipe Sateler ORIGINAL ADVISORY: http://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00024.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------