[Bug 975199] Re: term.log is world readable and shouldn't be
Launchpad Bug Tracker
975199 at bugs.launchpad.net
Wed Dec 12 19:28:11 UTC 2012
This bug was fixed in the package apt - 0.8.16~exp12ubuntu10.7
---------------
apt (0.8.16~exp12ubuntu10.7) precise-security; urgency=low
* SECURITY UPDATE: change permissions of
/var/log/apt/term.log to 0640 (LP: #975199)
- CVE-2012-0961
-- Michael Vogt <michael.vogt at ubuntu.com> Tue, 04 Dec 2012 15:38:12 +0100
** Changed in: apt (Ubuntu Precise)
Status: Confirmed => Fix Released
** Changed in: apt (Ubuntu Quantal)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/975199
Title:
term.log is world readable and shouldn't be
Status in “apt” package in Ubuntu:
Confirmed
Status in “apt” source package in Oneiric:
Fix Released
Status in “apt” source package in Precise:
Fix Released
Status in “apt” source package in Quantal:
Fix Released
Status in “apt” source package in Raring:
Confirmed
Bug description:
| root at dziban:/etc# ls -l /var/log/apt/term.log*
| -rw-r--r-- 1 root adm 87718 Apr 6 10:33 /var/log/apt/term.log
This file includes anything you type into a shell spawned via dpkg's
conffile handling. I don't expect my root shell sessions to be logged
(keystrokes and all) to a world readable file and I imagine I'm not
the only one.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/975199/+subscriptions
More information about the foundations-bugs
mailing list