CVE-2015-1330

Name of the Vulnerable Software and Affected Versions unattended-upgrades versions prior to 0.86.1

Description The issue is related to weaknesses in the authentication procedure of the unattended-upgrades component in the Ubuntu operating system. This can be exploited by a remote attacker to upload and execute arbitrary packages when certain options, such as force-confold or force-confnew, are enabled in the DPkg::Options::* apt configuration.

Recommendations For versions prior to 0.86.1, update to version 0.86.1 or later to resolve the issue. As a temporary workaround, consider disabling the force-confold and force-confnew dpkg options in the DPkg::Options::* apt configuration to minimize the risk of exploitation. Restrict access to the unattended-upgrades component to prevent unauthorized package installations until the update is applied.