Ubuntu Security Notice (C) 2011-2014 Canonical, Inc. / NASL script (C) 2011-2014 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
David Black discovered that Update Manager incorrectly extracted the
downloaded upgrade tarball before verifying its GPG signature. If a
remote attacker were able to perform a man-in-the-middle attack, this
flaw could potentially be used to replace arbitrary files.
David Black discovered that Update Manager created a temporary
directory in an insecure fashion. A local attacker could possibly use
this flaw to read the XAUTHORITY file of the user performing the
This update also adds a hotfix to Update Notifier to handle cases
where the upgrade is being performed from CD media.
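
Both flaws above concern ordering and setup: the tarball must be verified before anything is unpacked, and the working directory must be created privately. The Python below is an added example, not Update Manager's code; the function names, the caller-supplied keyring path and the pluggable `verify` callable are assumptions made for illustration.

```python
import os
import subprocess
import tarfile
import tempfile


def gpgv_verify(tarball, sig, keyring):
    """True only if gpgv accepts the detached signature `sig` over `tarball`
    using keys from `keyring` (keyring path is a caller-supplied assumption)."""
    proc = subprocess.run(
        ["gpgv", "--keyring", keyring, sig, tarball],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
    )
    return proc.returncode == 0


def extract_verified(tarball, sig, verify):
    """Verify first, then unpack into a private directory; returns its path.

    `verify` is a callable (tarball, sig) -> bool, for example a wrapper
    around gpgv_verify. Nothing is unpacked unless it returns True.
    """
    if not verify(tarball, sig):
        raise ValueError("signature verification failed; tarball not extracted")

    # mkdtemp picks an unpredictable name and creates the directory with
    # mode 0700, so other local users cannot pre-create it or read its contents.
    dest = tempfile.mkdtemp(prefix="upgrade-")
    root = os.path.realpath(dest)
    with tarfile.open(tarball) as tar:
        members = tar.getmembers()
        for m in members:
            # Extra hardening beyond the advisory: accept only regular files
            # and directories whose resolved path stays inside the new directory.
            target = os.path.realpath(os.path.join(root, m.name))
            inside = os.path.commonpath([root, target]) == root
            if not (m.isfile() or m.isdir()) or not inside:
                raise ValueError("unsafe tar member: " + m.name)
        tar.extractall(root, members=members)
    return dest
```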
Update the affected auto-upgrade-tester, update-manager and / or
Risk factor :
Medium / CVSS Base Score : 6.4