Canonical Closes Devscripts Exploit in Ubuntu
Canonical has published a security notice about a devscripts vulnerability in the Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems; the flaw has been found and corrected.
Ubuntu maintainers have upgraded the devscripts package to correct a small issue. The package is described as "scripts to make the life of a Debian Package maintainer easier," and it appears that devscripts could have been made to overwrite files in certain situations.
According to the security notice, “it was discovered that the update tool incorrectly handled symlinks. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly replace arbitrary files, leading to a privilege escalation.”
For a more detailed description of the problem, see Canonical’s security notification. Users should upgrade their Linux distribution to correct this issue, which would be a good idea in any case. The flaw is fixed by upgrading your system(s) to the latest devscripts package specific to each distribution. To apply the patch, you can simply run the Update Manager application.