Marking as a security vulnerability: As noted in <https://bugs.launchpad.net/ubuntu/+source/apt-listchanges/+bug/787802/comments/9>, it's possible to get to a root shell from 'less' (the pager invoked by apt-listchanges). While 'less' is displaying the list of changes, type '!sh' (without the quotes) and hit enter. This allows a user that is authorized to do the org.debian.apt.upgrade-packages policykit action to invoke arbitrary commands as root.
Marking as a security vulnerability: As noted in <https:/ /bugs.launchpad .net/ubuntu/ +source/ apt-listchanges /+bug/787802/ comments/ 9>, it's possible to get to a root shell from 'less' (the pager invoked by apt-listchanges). While 'less' is displaying the list of changes, type '!sh' (without the quotes) and hit enter. This allows a user that is authorized to do the org.debian. apt.upgrade- packages policykit action to invoke arbitrary commands as root.
Note that users are not required to type a password to run the org.debian. apt.upgrade- packages action (see <https:/ /wiki.ubuntu. com/SecurityTea m/FAQ#Update_ Manager_ doesn.27t_ prompt_ for_security_ updates>). This makes it possible for malware running as the authorized user to gain root access without knowing the password.