[Bug 995195] Re: apt-listchanges causes update-manager to appear to hang

a7x 995195 at bugs.launchpad.net
Fri Aug 31 18:50:27 UTC 2012


Marking as a security vulnerability:  As noted in
<https://bugs.launchpad.net/ubuntu/+source/apt-listchanges/+bug/787802/comments/9>,
it's possible to get to a root shell from 'less' (the pager invoked by
apt-listchanges).  While 'less' is displaying the list of changes, type
'!sh' (without the quotes) and hit enter.  This allows a user who is
authorized to do the org.debian.apt.upgrade-packages policykit action to
invoke arbitrary commands as root.

Note that users are not required to type a password to run the
org.debian.apt.upgrade-packages action (see
<https://wiki.ubuntu.com/SecurityTeam/FAQ#Update_Manager_doesn.27t_prompt_for_security_updates>).
This makes it possible for malware running as the authorized user to
gain root access without knowing the password.

** This bug has been flagged as a security vulnerability

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-manager in Ubuntu.
https://bugs.launchpad.net/bugs/995195

Title:
  apt-listchanges causes update-manager to appear to hang

Status in “apt-listchanges” package in Ubuntu:
  Confirmed
Status in “update-manager” package in Ubuntu:
  Triaged

Bug description:
  If apt-listchanges is configured to show package changelogs,
  update-manager displays them in 'less' in a hidden terminal which waits
  for the user to quit and continue.  There is no indication in
  update-manager that something off-screen is waiting for input.  The only
  status message reads "Applying changes".

  To continue, the user must click 'Details' then interact with
  apt-listchanges in the terminal.

  Screenshots attached.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: update-manager 1:0.156.14.1
  ProcVersionSignature: Ubuntu 3.2.0-24.37-generic 3.2.14
  Uname: Linux 3.2.0-24-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.0.1-0ubuntu7
  Architecture: amd64
  Date: Sat May  5 18:51:55 2012
  GsettingsChanges:
   com.ubuntu.update-manager check-new-release-ignore 'oneiric'
   com.ubuntu.update-manager first-run false
   com.ubuntu.update-manager launch-time 1336240007
   com.ubuntu.update-manager window-height 600
   com.ubuntu.update-manager window-width 600
  PackageArchitecture: all
  SourcePackage: update-manager
  UpgradeStatus: Upgraded to precise on 2012-05-03 (2 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt-listchanges/+bug/995195/+subscriptions
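The '!sh' escape described in the comment above works because the pager inherits both root privileges and the user's environment from the privileged helper. The following Python sketch is an added example for this thread, not code from apt-listchanges, update-manager or the eventual fix. It shows how a privileged helper can page a changelog without that exposure: allowlist the environment, set LESSSECURE=1 (less's secure mode, which refuses the '!', '|', 'v' and 's' commands), and drop to the invoking user's uid/gid before exec. The pager path, the PKEXEC_UID/SUDO_UID lookup, the environment policy and the sample changelog are assumptions.

```python
"""Hardening sketch for a privileged helper that shows changelogs in less.

Added example for this thread; not code from apt-listchanges, update-manager
or Ubuntu's fix.  The pager path, the environment policy and the
PKEXEC_UID/SUDO_UID lookup are assumptions about the deployment.

Two independent mitigations for the '!sh' problem:
  1. less honours LESSSECURE=1 ("secure mode"), which disables the '!'
     shell escape, the '|' pipe, the 'v' editor and the 's' log-file
     commands.  LESSOPEN/LESSCLOSE name preprocessors that less executes,
     so a root process must not inherit them from the unprivileged user.
  2. The pager should not be root at all: drop to the invoking user's
     uid/gid (supplementary groups first, then gid, then uid) before exec.
"""
import os
import pwd
import subprocess
import tempfile
from typing import Dict, List, Optional

PAGER = "/usr/bin/less"          # assumption: fixed absolute path, never $PAGER
ALLOWED_ENV = ("TERM", "LANG", "LC_ALL", "LC_CTYPE", "HOME")
# Variables that let the user make less (or the shell it spawns) run commands.
COMMAND_RUNNERS = ("LESSOPEN", "LESSCLOSE", "LESSECHO", "EDITOR", "VISUAL", "SHELL")


def pager_env(caller_env: Dict[str, str]) -> Dict[str, str]:
    """Allowlist the caller's environment and force less into secure mode."""
    env = {k: caller_env[k] for k in ALLOWED_ENV if k in caller_env}
    env["PATH"] = "/usr/bin:/bin"        # never a user-controlled search path
    env["LESSSECURE"] = "1"              # disables !, |, v, s, ... inside less
    return env


def audit_pager_env(env: Dict[str, str]) -> List[str]:
    """Reasons an environment is unsafe for a privileged pager (empty if fine)."""
    findings = []
    if env.get("LESSSECURE") != "1":
        findings.append("LESSSECURE is not set to 1: '!sh' gives a shell")
    for k in COMMAND_RUNNERS:
        if k in env:
            findings.append(f"{k} is inherited from the caller")
    return findings


def invoking_user(env: Dict[str, str]) -> Optional[int]:
    """Uid of the real user behind a pkexec/sudo elevation (assumed deployment)."""
    for var in ("PKEXEC_UID", "SUDO_UID"):
        if var in env and env[var].isdigit():
            return int(env[var])
    return None


def drop_privileges(uid: int, gid: int) -> None:
    """Irreversibly drop from root to uid/gid; refuse to stay root."""
    if uid == 0:
        raise ValueError("refusing to run the pager as root")
    os.setgroups([])                     # supplementary groups first
    os.setgid(gid)                       # then primary group
    os.setuid(uid)                       # then uid; after this there is no way back
    try:
        os.setuid(0)                     # sanity check: must fail
    except PermissionError:
        return
    raise RuntimeError("privilege drop did not stick")


def show_changelog(text: str, uid: int, gid: int) -> int:
    """Write the changelog to a file the user can read and page it as that user."""
    with tempfile.NamedTemporaryFile("w", prefix="changelog-", delete=False) as f:
        f.write(text)
        path = f.name
    os.chown(path, uid, gid)             # requires root; the pager will not be root
    os.chmod(path, 0o400)
    try:
        proc = subprocess.run([PAGER, path], env=pager_env(dict(os.environ)),
                              preexec_fn=lambda: drop_privileges(uid, gid))
        return proc.returncode
    finally:
        os.unlink(path)


if __name__ == "__main__":
    # Constructed sample changelog entry, not a real package's changelog.
    sample = "example (1.0-2) unstable; urgency=low\n\n  * Constructed entry.\n"
    uid = invoking_user(dict(os.environ))
    if os.geteuid() == 0 and uid:
        show_changelog(sample, uid, pwd.getpwuid(uid).pw_gid)
    else:
        print("Not elevated via pkexec/sudo; auditing the current environment:")
        print(audit_pager_env(dict(os.environ)) or ["no findings"])
```

LESSSECURE alone is only defence in depth: a different pager, or a helper that forwards the user's LESSOPEN, bypasses it, which is why the privilege drop before exec is the control that actually closes the hole.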