Debian Linux Security Advisory 3297-1 - It was discovered that unattended-upgrades, a script for automatic installation of security upgrades, did not properly authenticate downloaded packages when the force-confold or force-confnew dpkg options were enabled via the DPkg::Options::* apt configuration.
592353727e99b36bc11ff7fa2a1deaee71c2dfafbe59ccc20cf3e9636b24d375
Ubuntu Security Notice 2657-1 - It was discovered that unattended-upgrades incorrectly performed authentication checks in certain configurations. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.
86ccbecafb837e328f635d2fcc068c94f66e9a887e68593b313fb3216003929b