Ubuntu Security Notice 938-1 – It was discovered that KGet did not properly perform input validation when processing metalink files. If a user were tricked into opening a crafted metalink file, a remote attacker could overwrite files via directory traversal, which could eventually lead to arbitrary code execution.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/89513/USN-938-1.txt
Source: https://packetstormsecurity.com/files/89513/Ubuntu-Security-Notice-938-1.html