D--

Name of the Vulnerable Software and Affected Versions: foo2zjs versions prior to 20110722dfsg-3ubuntu1 foo2zjs version 20110722dfsg-1 foo2zjs version 20090908dfsg-5.1+squeeze0 Description: The issue allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs, due to insecure creation of temporary files. Recommendations: For foo2zjs version 20110722dfsg-1, update to a version later than 20110722dfsg-1 to resolve the issue. For foo2zjs version 20090908dfsg-5.1+squeeze0, update to a version later than 20090908dfsg-5.1+squeeze0 to resolve the issue. For foo2zjs versions prior to 20110722dfsg-3ubuntu1, update to version 20110722dfsg-3ubuntu1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Software Properties versions prior to 0.81.13.3 **Description** The issue concerns the failure to validate the server certificate when downloading PPA GPG key fingerprints. This allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository. **Recommendations** For versions prior to 0.81.13.3, update to version 0.81.13.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Update Manager versions 1:0.87.31.1 and earlier, versions 1:0.134.x through 1:0.134.10.1, versions 1:0.142.x through 1:0.142.22.1, versions 1:0.150.x through 1:0.150.4.1, versions 1:0.152.x through 1:0.152.25.4 **Description** The issue allows man-in-the-middle attackers to create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or bypass authentication via a crafted meta-release file, due to the lack of GPG signature verification before extracting an upgrade tarball. **Recommendations** For versions 1:0.87.31.1 and earlier, update to version 1:0.87.31.1 or later. For versions 1:0.134.x through 1:0.134.10.1, update to version 1:0.134.11.1 or later. For versions 1:0.142.x through 1:0.142.22.1, update to version 1:0.142.23.1 or later. For versions 1:0.150.x through 1:0.150.4.1, update to version 1:0.150.5.1 or later. For versions 1:0.152.x through 1:0.152.25.4, update to version 1:0.152.25.5 or later.

**Name of the Vulnerable Software and Affected Versions** Hammerhead version 2.1.4 **Description** The issue allows local users to write to arbitrary files via a symlink attack on the HH LOG file or the REPORT LOG file. **Recommendations** For version 2.1.4, consider restricting access to the /tmp/hammer.log and REPORT LOG files to prevent a symlink attack until a patch is available.