Ubuntu Security Notice 2013-1 - It was discovered that maas-import-pxe-files incorrectly loaded configuration information from the current working directory. A local attacker could execute code as an administrator if maas-import-pxe-files were run from an attacker-controlled directory. It was discovered that maas-import-pxe-files doesn't cryptographically verify downloaded content. An attacker could modify images without detection. Various other issues were also addressed.
abfb080471077aa526f708385060f26bb47afecc1f1d5ba12e53f72663b04cdb