If you want to install a program on the Debian/Ubuntu/MintLinux distribution family, you almost always end up using the core software installer program Advanced Package Tool (apt). It works well, but security researcher Max Justicz recently found a nasty way to make a man-in-the-middle attack on apt.
Adding salt to this wound, Justicz found the hole would enable a remote attacker to execute arbitrary code as root on any system installing any package. To understand how it attacks, you need to understand how apt works.