| Revision Date: | 2014-06-30 | Version: | 22 |
| Title: | USN-1283-1 -- APT vulnerability |
| Description: | apt: Advanced front-end for dpkg Details: It was discovered that APT incorrectly handled the Verify-Host configuration option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to steal repository credentials. This issue only affected Ubuntu 10.04 LTS and 10.10. USN-1215-1 fixed a vulnerability in APT by disabling the apt-key net-update option. This update re-enables the option with corrected verification. Original advisory APT could be made to expose sensitive information over the network. |
| Family: | unix | Class: | patch |
| Status: | ACCEPTED | Reference(s): | CVE-2011-3634
USN-1283-1
USN-1283-1
|
| Platform(s): | Ubuntu 10.04
Ubuntu 10.10
Ubuntu 11.04
Ubuntu 8.04
| Product(s): | APT
|
| Definition Synopsis |
| Release section Ubuntu 11.04 is installed
AND Installed architecture is all
AND apt DPKG is earlier than 0.8.13.2ubuntu4.3
OR Release section
Ubuntu 8.04 is installed
AND Installed architecture is all
AND apt DPKG is earlier than 0.7.9ubuntu17.4
OR Release section
Ubuntu 10.04 is installed
AND Installed architecture is all
AND apt DPKG is earlier than 0.7.25.3ubuntu9.9
OR Release section
Ubuntu 10.10 is installed
AND Installed architecture is all
AND apt DPKG is earlier than 0.8.3ubuntu7.3
|