Applications using Simple Streams could be made to crash or run programs if it received specially crafted network traffic.
It was discovered that Simple Streams did not properly perform gpg verification in some situations. A remote attacker could use this to perform a man-in-the-middle attack and inject malicious content into the stream.
24 September 2015
A security issue affects these releases of Ubuntu and its derivatives:
Applications using Simple Streams could be made to crash or run programs if it received specially crafted network traffic.
It was discovered that Simple Streams did not properly perform gpg verification in some situations. A remote attacker could use this to perform a man-in-the-middle attack and inject malicious content into the stream.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart any services that make use of python-simplestreams or python3-simplestreams to make all the necessary changes.