CVE-2014-7206
apt - security update
EPSS 0.05%
Description
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
How to fix CVE-2014-7206
To remediate CVE-2014-7206, upgrade the affected package to a fixed version below.
- Debian/apt: upgrade to 1.0.9.2 or later
- Debian/apt: upgrade to 0.9.7.9+deb7u6 or later
Is CVE-2014-7206 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.0.9.2
- from 0, < 0.9.7.9+deb7u6