Security contractor Max Justicz discovered a remote code execution issue in the APT high level package manager used by Ubuntu and other Linux distributions. The bug has been fixed in the latest versions of apt 1.8.15 and 1.4.4~beta2 versions of APT. The vulnerability is present in the package manager itself, and users should take extra steps to avoid having their systems exploited until they update APT to the latest, patched version of the tool used to update the OS components.
Source: https://www.bleepingcomputer.com/news/security/remote-code-execution-bug-patched-in-apt-linux-package-manager/