14 DAY TRIAL // Canonical published details about the MAAS vulnerabilities in its Ubuntu 13.10, Ubuntu 12.10, and Ubuntu 12.04 LTS operating systems.
According to the company, the cluster could have been made to run programs as an administrator.
For example, it was discovered that MAAS stored RabbitMQ authentication credentials in a world-readable file. A local authenticated user could read this password and potentially gain privileges of other user accounts. This update restricts the file permissions to prevent unintended access.
For a more detailed description of the problems, you can see Canonical's security notification.
The flaws can be fixed if you upgrade your system(s) to the latest maas-region-controller and python-django-maas packages specific to each distribution. To apply the patch, run the Update Manager application.
In general, a standard system update will make all the necessary changes and you have to restart apache2.