Apticron

From ICO wiki
Revision as of 12:11, 29 April 2011 by Aalamaa (talk | contribs)
Jump to navigationJump to search

Sissejuhatus

Järgnev artikkel kirjeldab programmi apticron, selle paigaldamist ja seadistamist Linux operatsioonisüsteemides. Juhendi dokumentatsioon on koostatud Ubuntu 10.10 ja Ubuntu Server põhjal. Selleks, et apticron töötaks peab olema paigaldatud ja korrektselt seadistatud postiedastusagent (ing k Mail Transport Agent) , milleks on näiteks postfix.

Programmist

Apticron on shell’i skript, mis saadab e-posti teel nimekirja kõikidest saadaolevatest uuendustest, mida saab antud süsteemis paigaldada ning kokkuvõtte muudatuste kohta kõikides pakkides. Teadete plaanipäraseks saatmiseks kasutab apticron Linuxi süsteemi protsessi cron. Algselt oli programm mõeldud ootel olevate turvauuenduste teatamiseks, kuid seda saab kasutada ka paljudes teistes situatsioonides, kus vajatakse automaatset teate saatmist uuendustest. Apticron oli algselt välja töötatud Colm MacCarthaigh poolt koos Marc Sherman abiga. Alates 2006-st aastast on seda täiendanud Tiago Bortoletto Vaz.

Paigaldamine

Apticroni paigaldamiseks tuleb käsureale sisestada juurkasutaja õigustes järgmine käsk:

apt-get install apticron

Selle tulemusena paigaldatakse apticron koos teiste programmi tööks vajalike pakkidega.

Paigaldatakse järgmised failid:

  • /etc/apticron/apticron.conf
  • /etc/cron.d/apticron
  • /etc/cron.daily/apticron
  • /var/lib/misc/apticron.cron
  • /usr/sbin/apticron

Seadistamine

Selleks, et apticron saadaks uuenduste nimekirja soovitud e-posti aadressile tuleb juurkasutaja õigustes avada teksti redaktoriga apticroni konfiguratsiooni fail.

/etc/apticron/apticron.conf

Konfiguratsiooni failis tuleb muuta kirje EMAIL=“root“ ning selle asemel sisestada:

EMAIL=“<e-posti aadress>“

Selle tulemusena saadetakse uuenduste nimekiri sisestatud e-posti aadressile.

Alternatiiviks eelnevale on ka käsurea käsk:

dpkg-reconfigure apticron

Selle tulemusena avaneb käsureal sinine aken kuhu saab kirjutada soovitud e-posti aadressi uuenduste nimekirja saatmiseks.

Ajakava seadistamine

Vaikimisi käivitatakse apticron kord päevas. Kui on soov käsitsi määrata aeg millal süsteemi protsess cron käivitab apticron'i tuleks juurkasutaja õigustes tekstiredaktoriga (näites on see avatud programmiga nano) avada järgnev fail:

nano /etc/cron.d/apticron

Selle tulemusena kuvatakse faili sisu, kus vaikimis peaks olema kaks rida teksti, mis näeb välja järgmine:

# cron entry for apticron

6 5 * * * root test -x /usr/sbin/apticron && /usr/sbin/apticron --cron

Antud näites käivitatakse apticron iga päeva hommikul kell 05:06

Alumise rea esimesed viis sümbolit on aja parameetrid:

   6       5       *       *        *
[minut] [tund] [kuupäev] [kuu] [nädalapäev]

[minut] - saab valida väärtusi 0-59 või * mis tähendab, et see programm käivitatakse iga minut

[tund] - saab valida väärtusi 0-23 või * mis tähendab, et see programm käivitatakse iga tund

[kuupäev] - saab valida väärtusi 1-31 või * mis tähendab, et see programm käivitatakse iga päev

[kuu] - saab valida väärtusi 1-12 või * mis tähendab, et see programm käivitatakse iga kuu

[nädalapäev] - saab täpsustada millistel päevadel nädalas programm käivitatakse, kus 0=pühapäev, 1=esmaspäev, 2=teisipäev, 3=kolmapäev, 4=neljapäev, 5=reede, 6=laupäev või * mis tähendab et see programm käivitatakse iga nädalapäev

Näidis teade

Järgnevalt on välja toodud näidis, milline näeb välja apticron'i poolt e-postiga saadetud teade süsteemis ootel olevatest uuendustest.

Järgnev teade on saadetud programmi apticron poolt operatsioonisüsteemis Ubuntu 10.10:

apticron report [Mon, 25 Apr 2011 16:24:37 +0300] ========================================================================

apticron has detected that some packages need upgrading on:

	arvi-VirtualBox 
	[ ::1 127.0.1.1 10.0.2.15 10.0.2.15 ]

The following packages are currently pending an upgrade:

	chromium-browser 10.0.648.205~r81283-0ubuntu0.10.10.1
	chromium-browser-inspector 10.0.648.205~r81283-0ubuntu0.10.10.1
	chromium-codecs-ffmpeg 10.0.648.205~r81283-0ubuntu0.10.10.1
	dhcp3-client 3.1.3-2ubuntu6.2
	dhcp3-common 3.1.3-2ubuntu6.2
	gdm 2.30.5-0ubuntu4.1
	gnome-power-manager 2.32.0-0ubuntu1.1
	gnome-terminal 2.32.0-0ubuntu1.1
	gnome-terminal-data 2.32.0-0ubuntu1.1
	indicator-application 0.2.9-0ubuntu1.1
	initscripts 2.87dsf-4ubuntu19.1
	language-selector 0.6.8
	language-selector-common 0.6.8
	libappindicator0.1-cil 0.2.9-0ubuntu1.1
	libappindicator1 0.2.9-0ubuntu1.1
	libgssapi-krb5-2 1.8.1+dfsg-5ubuntu0.7
	libk5crypto3 1.8.1+dfsg-5ubuntu0.7
	libkrb5-3 1.8.1+dfsg-5ubuntu0.7
	libkrb5support0 1.8.1+dfsg-5ubuntu0.7
	libldap-2.4-2 2.4.23-0ubuntu3.5
	libnss3-1d 3.12.9+ckbi-1.82-0ubuntu0.10.10.1
	libpolkit-agent-1-0 0.96-2ubuntu1.1
	libpolkit-backend-1-0 0.96-2ubuntu1.1
	libpolkit-gobject-1-0 0.96-2ubuntu1.1
	libslp1 1.2.1-7.7ubuntu0.1
	libsmbclient 2:3.5.4~dfsg-1ubuntu8.4
	libtiff4 3.9.4-2ubuntu0.4
	libwbclient0 2:3.5.4~dfsg-1ubuntu8.4
	linux-firmware 1.38.6
	linux-generic 2.6.35.28.36
	linux-headers-2.6.35-28 2.6.35-28.50
	linux-headers-2.6.35-28-generic 2.6.35-28.50
	linux-headers-generic 2.6.35.28.36
	linux-image-2.6.35-28-generic 2.6.35-28.50
	linux-image-generic 2.6.35.28.36
	policykit-1 0.96-2ubuntu1.1
	python-appindicator 0.2.9-0ubuntu1.1
	python-cupshelpers 1.2.3+20100723-0ubuntu8.2
	python-gnomeapplet 2.30.0-1ubuntu5.1
	python-gnomekeyring 2.30.0-1ubuntu5.1
	python-gtkspell 2.25.3-5ubuntu2.1
	python-wnck 2.30.0-1ubuntu5.1
	samba-common 2:3.5.4~dfsg-1ubuntu8.4
	samba-common-bin 2:3.5.4~dfsg-1ubuntu8.4
	smbclient 2:3.5.4~dfsg-1ubuntu8.4
	system-config-printer-common 1.2.3+20100723-0ubuntu8.2
	system-config-printer-gnome 1.2.3+20100723-0ubuntu8.2
	system-config-printer-udev 1.2.3+20100723-0ubuntu8.2
	sysv-rc 2.87dsf-4ubuntu19.1
	sysvinit-utils 2.87dsf-4ubuntu19.1
	tomboy 1.4.2-0ubuntu2
	tzdata 2011e-0ubuntu0.10.10
	update-manager 1:0.142.23
	update-manager-core 1:0.142.23
	w3m 0.5.2-6ubuntu1
	x11-xserver-utils 7.5+2ubuntu1.1

========================================================================

Package Details:

Reading changelogs...
--- Changes for chromium-browser (chromium-browser chromium-browser-inspector chromium-codecs-ffmpeg) --- chromium-browser (10.0.648.205~r81283-0ubuntu0.10.10.1) maverick-security; urgency=high

  * New upstream minor release from the Stable Channel (LP: #762275)
    This release fixes the following security issues:
    - [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
      Credit to Google Chrome Security Team (Inferno).
    - [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
      to Christoph Diehl.
    This releasse also contains the security fixes from 10.0.648.204~r79063
    (which has been skipped by the sponsors) (LP: #742118)
    + Webkit bugs:
      - [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
        to Sławomir Błażek.
      - [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
        to Sergey Glazunov.
      - [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
        Sergey Glazunov.
      - [74991] High, CVE-2011-1295: DOM tree corruption with broken node
        parentage. Credit to Sergey Glazunov.
      - [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
        to Sergey Glazunov.
    + Chromium bugs:
      - [72517] High, CVE-2011-1291: Buffer error in base string handling.
        Credit to Alex Turpin.
  Packaging changes:
  * Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
    preventing a SIGILL crash on some boards (LP: #735877)
    - update debian/control
  * Install libppGoogleNaClPluginChrome.so (LP: #738331)
    - update debian/rules
    - update debian/chromium-browser.install
  * Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
    called from apport/ubuntu-bug (LP: #759635)
    - update debian/apport/chromium-browser.py
  * NaCL may be blacklisted, so only include it when it's actually been
    built (fixes the ftbfs on arm) (LP: #745854)
    - update debian/rules
    - update debian/chromium-browser.install
  * Harden the apport hooks in the extensions section
    - update debian/apport/chromium-browser.py

 -- Fabien Tassin <fta@ubuntu.com>  Thu, 14 Apr 2011 22:36:16 +0200

--- Changes for dhcp3 (dhcp3-client dhcp3-common) ---
dhcp3 (3.1.3-2ubuntu6.2) maverick-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted hostname
    - Patch for CVE-2011-0997 was getting reverted during the build
      because of special quilt handling in debian/rules for the ldap
      patches.
    - debian/patches/00list: move CVE-2011-0997 patch before the ldap
      patches, and add comment.
    - CVE-2011-0997

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 19 Apr 2011 09:03:47 -0400

dhcp3 (3.1.3-2ubuntu6.1) maverick-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted hostname
    - debian/patches/CVE-2011-0997.dpatch: filter strings in
      client/dhclient.c, common/options.c.
    - CVE-2011-0997

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 11 Apr 2011 08:55:27 -0400

--- Changes for gdm ---
gdm (2.30.5-0ubuntu4.1) maverick-security; urgency=low

  * SECURITY UPDATE: race condition allowing privilege escalation
    - debian/patches/91_CVE-2011-0727.patch: fix
      daemon/gdm-session-worker.c to copy files as session user rather
      than root followed by a subsequent chown.
    - CVE-2011-0727

 -- Steve Beattie <sbeattie@ubuntu.com>  Tue, 29 Mar 2011 09:27:07 -0700

--- Changes for gnome-power-manager ---
gnome-power-manager (2.32.0-0ubuntu1.1) maverick-proposed; urgency=low

  * debian/patches/12-add-appindicators.patch:
    - Fix leak by working around a libappindicator bug.  LP: #569273

 -- Michael Terry <mterry@ubuntu.com>  Wed, 16 Mar 2011 15:55:26 -0400

--- Changes for gnome-python-desktop (python-gnomeapplet python-gnomekeyring python-wnck) --- gnome-python-desktop (2.30.0-1ubuntu5.1) maverick-proposed; urgency=low

  * 01_wnck_enums.patch: Patch from upstream bugzilla, fix flags in the wnck
    module that were declared as enums. (LP: #642913)

 -- Stefano Rivera <stefanor@ubuntu.com>  Sat, 12 Mar 2011 23:55:41 +0200

--- Changes for gnome-python-extras (python-gtkspell) --- gnome-python-extras (2.25.3-5ubuntu2.1) maverick-proposed; urgency=low

  * Have dh_xulrunner install a dependency on xulrunner for python-gtkmozembed
    again (LP: #695728)
    - update debian/rules 

 -- Micah Gersten <micahg@ubuntu.com>  Fri, 07 Jan 2011 09:21:14 -0600

--- Changes for gnome-terminal (gnome-terminal gnome-terminal-data) --- gnome-terminal (2.32.0-0ubuntu1.1) maverick-proposed; urgency=low

  * debian/patches/21_watch_clipboard.patch:
    - Watch clipboard contents for paste shorkey to work. (LP: #630383)

 -- Omer Akram <om26er@ubuntu.com>  Sun, 13 Mar 2011 20:20:13 +0500

--- Changes for indicator-application (indicator-application libappindicator0.1-cil libappindicator1 python-appindicator) --- indicator-application (0.2.9-0ubuntu1.1) maverick-proposed; urgency=low

  * debian/patches/10-fix-theme-changed-crash.patch:
    - Don't crash due to theme changes.  LP: #708188

 -- Michael Terry <mterry@ubuntu.com>  Wed, 16 Mar 2011 15:28:25 -0400

--- Changes for krb5 (libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0) ---
krb5 (1.8.1+dfsg-5ubuntu0.7) maverick-security; urgency=low

  * SECURITY UPDATE: kadmind denial of service from freeing of uninitialized
    pointer.
    - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream.
    - CVE-2011-0285
    - MITKRB5-SA-2011-004

 -- Kees Cook <kees@ubuntu.com>  Mon, 18 Apr 2011 15:40:00 -0700

--- Changes for language-selector (language-selector language-selector-common) --- language-selector (0.6.8) maverick-security; urgency=low

  * debian/language-selector-common.postinst: allow missing backend.

 -- Kees Cook <kees@ubuntu.com>  Tue, 19 Apr 2011 13:08:16 -0700

language-selector (0.6.7) maverick-security; urgency=low

  [ Kees Cook ]
  * SECURITY UPDATE: language selector backend did not verify policy kit
    authentication.
    - debian/language-selector-common.postinst: shut down old backend.
    - CVE-2011-0729

  [ Martin Pitt ]
  * dbus_backend/ls-dbus-backend: Actually look at the PolicyKit check result
    and only proceed if it succeeded. Thanks to Romain Perier for finding this
    and providing the patch! This fixes a local root privilege escalation, as
    this allows any authenticated user to write arbitrary shell commands into
    /etc/default/locale. (LP: #764397)
  * dbus_backend/ls-dbus-backend: Reject locale names with invalid characters
    in it, to further prevent injecting shell code into /etc/default/locale
    for authenticated users. Thanks to Felix Geyer for the initial patch!
    (LP: #764397)
  * debian/control: Update Vcs-Bzr: for newly created maverick branch.

 -- Kees Cook <kees@ubuntu.com>  Tue, 19 Apr 2011 10:31:37 -0700

--- Changes for linux-firmware ---
linux-firmware (1.38.6) maverick-proposed; urgency=low

  * iwlwifi: add updated firmware for 5000 devices
    update iwlwifi-5000-5.ucode for 5000 series devices
    version: 8.83.5.1 - fix "tid mismatch" issue
    - LP: #728510

 -- Tim Gardner <tim.gardner@canonical.com>  Thu, 03 Mar 2011 09:05:44 -0700

--- Changes for linux-meta (linux-generic linux-headers-generic linux-image-generic) --- linux-meta (2.6.35.28.36) maverick-proposed; urgency=low

  * Bump ABI - Maverick ABI 28

 -- Brad Figg <brad.figg@canonical.com>  Mon, 28 Feb 2011 14:46:01 -0800

linux-meta (2.6.35.27.35) maverick-proposed; urgency=low

  [ Tim Gardner ]

  * LBM generic-pae packages are only built for i386
    - LP: #720139
  * LBM server packages are only built for amd64
    - LP: #720139

 -- Stefan Bader <stefan.bader@canonical.com>  Thu, 17 Feb 2011 14:55:31 +0100

linux-meta (2.6.35.27.34) maverick-proposed; urgency=low

  * Bump ABI - Maverick ABI 26

 -- Brad Figg <brad.figg@canonical.com>  Thu, 10 Feb 2011 13:54:00 -0800

linux-meta (2.6.35.26.33) maverick-proposed; urgency=low

  * Bump ABI - Maverick ABI 26

 -- Steve Conklin <sconklin@canonical.com>  Fri, 28 Jan 2011 14:50:56 -0600

--- Changes for nss (libnss3-1d) ---
nss (3.12.9+ckbi-1.82-0ubuntu0.10.10.1) maverick-security; urgency=low

  * New upstream release v3.12.9 with updated ckbi module
    (NSS_3_12_9_WITH_CKBI_1_82_RTM)
    - SECURITY UPDATE: Update "builtin certificates" module (ckbi) to
      explicitly mark the recently issued and revoked fraudulent certificates
      as explicitly not trusted; NSS will report SEC_ERROR_UNTRUSTED_CERT when
      attempting to verify one of these fraudulent certificates (LP: #741729)
  * Add new symbols
    - update debian/libnss3-1d.symbols

 -- Micah Gersten <micahg@ubuntu.com>  Tue, 29 Mar 2011 03:13:10 -0500

--- Changes for openldap (libldap-2.4-2) --- openldap (2.4.23-0ubuntu3.5) maverick-security; urgency=low

  * SECURITY UPDATE: fix successful anonymous bind via chain overlay when
    using forwarded authentication failures
    - debian/patches/CVE-2011-1024
    - CVE-2011-1024
  * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
    backend. Note: Ubuntu is not compiled with --enable-ndb by default
    - debian/patches/CVE-2011-1025
    - CVE-2011-1025
  * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
    and requestDN is empty
    - debian/patches/CVE-2011-1081
    - CVE-2011-1081

 -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 16 Mar 2011 09:48:17 -0500

--- Changes for openslp-dfsg (libslp1) --- openslp-dfsg (1.2.1-7.7ubuntu0.1) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service via circular reference
    - debian/patches/CVE-2010-3609.patch: detect circular reference in
      common/slp_message.c. Patch thanks to SUSE.
    - CVE-2010-3609
  * debian/rules: add dh_quilt_patch and dh_quilt_unpatch so patches in
    debian/patches actually get applied.
  * debian/patches/series: disable 01_have_net_if_arp.diff and
    99_autoreconf.diff since they had never been applied.

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 05 Apr 2011 14:50:59 -0400

--- Changes for policykit-1 (libpolkit-agent-1-0 libpolkit-backend-1-0 libpolkit-gobject-1-0 policykit-1) ---
policykit-1 (0.96-2ubuntu1.1) maverick-security; urgency=low

  * SECURITY UPDATE: avoid /proc race conditions when checking privileges
    for pkexec.
    - 10_fix_proc_race.patch
    - CVE-2011-1485

 -- Kees Cook <kees@ubuntu.com>  Tue, 19 Apr 2011 12:25:33 -0700

--- Changes for samba (libsmbclient libwbclient0 samba-common samba-common-bin smbclient) --- samba (2:3.5.4~dfsg-1ubuntu8.4) maverick-proposed; urgency=low

  * debian/patches/ntlm-auth-lp623342.patch: ntlm_auth returns an invalid
    response key. (LP: #623342) Patch taken from upstream
    (https://bugzilla.samba.org/show_bug.cgi?id=7568)

 -- Stefano Rivera <stefanor@ubuntu.com>  Wed, 02 Mar 2011 22:38:19 +0100

--- Changes for system-config-printer (python-cupshelpers system-config-printer-common system-config-printer-gnome system-config-printer-udev) --- system-config-printer (1.2.3+20100723-0ubuntu8.2) maverick-proposed; urgency=low

  * debian/patches/75_do-not-list-duplicate-ppd-nicknames.patch: Fixed the
    patch to suppress duplicate listings of the same PPD file. The wrong
    entries were correctly suppressed, but the selection was applied to list
    which still contained them and so it often came to another driver than the
    selected one being set up (LP: #739375).

 -- Till Kamppeter <till.kamppeter@gmail.com>  Tue, 22 Mar 2010 20:54:06 +0100

--- Changes for sysvinit (initscripts sysv-rc sysvinit-utils) --- sysvinit (2.87dsf-4ubuntu19.1) maverick-proposed; urgency=low

  * debian/initscripts/etc/init.d/umountroot: Improve handling of 
    respawn of init: we now wait for inits map file to change. If this doesn't
    happen within 5 seconds, we unmount forcibly. (LP: #672177)

 -- James Hunt <james.hunt@ubuntu.com>  Fri, 28 Jan 2011 11:45:35 +0000

--- Changes for tiff (libtiff4) ---
tiff (3.9.4-2ubuntu0.4) maverick-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via malformed JPEG
    - debian/patches/CVE-2009-5022.patch: check width in
      libtiff/tif_ojpeg.c.
    - CVE-2009-5022

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 20 Apr 2011 13:04:56 -0400

tiff (3.9.4-2ubuntu0.3) maverick-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted
    THUNDER_2BITDELTAS data
    - debian/patches/CVE-2011-1167.patch: validate bitspersample and
      make sure npixels is sane in libtiff/tif_thunder.c.
    - CVE-2011-1167

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 30 Mar 2011 13:02:48 -0400

--- Changes for tomboy ---
tomboy (1.4.2-0ubuntu2) maverick-proposed; urgency=low

  * debian/patches/06_use_ubuntu_sso.patch
    - Use the Ubuntu One production services instead of edge
      servers (LP: #745721)

 -- Ken VanDine <ken.vandine@canonical.com>  Wed, 30 Mar 2011 10:28:48 -0400

--- Changes for tzdata ---
tzdata (2011e-0ubuntu0.10.10) maverick-proposed; urgency=low

  * New upstream release 2011e: (LP: #747946)
    - africa: Add start and end of DST in 2011 in Morocco.
    - southamerica: For Chile, delay end of DST in 2011 from April 2nd to May 7th

 -- Gary Lasker <gary.lasker@canonical.com>  Sat, 02 Apr 2011 11:21:16 -0400

--- Changes for update-manager (update-manager update-manager-core) --- update-manager (1:0.142.23) maverick-proposed; urgency=low

  * DistUpgrade/DistUpgradeController.py:
    - add quirks handler for upgrade form the kubuntu ppa 
      (LP: #680088)
  * UpdateManager/Core/DistUpgradeFetcherCore.py, do-release-upgrade:
    - fix deprecation warnings (LP: #744990)

 -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 30 Mar 2011 10:01:59 +0200

--- Changes for w3m ---
w3m (0.5.2-6ubuntu1) maverick-proposed; urgency=low

  * debian/patches/091_button.patch:
    - Support the button element as defined in HTML 4.01.
      Backport of 020_button.patch from natty.
      (LP: #683337, Closes: #136810)

 -- Tuomas Heino <iheino+ub@cc.hut.fi>  Mon, 17 Jan 2011 09:57:32 +0200

--- Changes for x11-xserver-utils ---
x11-xserver-utils (7.5+2ubuntu1.1) maverick-security; urgency=low

  * SECURITY UPDATE: root escalation via rogue hostname (LP: #752315)
    - xrdb: Create shell-escape-safe cpp options in the non-pathetic-cpp
      case.
    - http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
    - CVE-2011-0465

 -- Timo Aaltonen <tjaalton@ubuntu.com>  Wed, 06 Apr 2011 17:44:41 +0300

========================================================================

You can perform the upgrade by issuing the command:

	aptitude full-upgrade

as root on arvi-VirtualBox

--
apticron