OVAL Reference oval:org.mitre.oval:def:26659

CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2014-0487), does not perform the checksum check when the Acquire::GzipIndexes option is used (CVE-2014-0489) and does not properly perform validation for binary packages downloaded by the apt-get download command (CVE-2014-0490)."> OVAL Reference oval:org.mitre.oval:def:26659 - CERT Civis.Net

Oval Definition: oval:org.mitre.oval:def:26659

Revision Date:	2014-11-10	Version:	4
Title:	DSA-3025-1 apt - security update
Description:	It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data (CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2014-0487), does not perform the checksum check when the Acquire::GzipIndexes option is used (CVE-2014-0489) and does not properly perform validation for binary packages downloaded by the `apt-get download` command (CVE-2014-0490).
Family:	unix	Class:	patch
Status:	ACCEPTED	Reference(s):	CVE-2014-0487 CVE-2014-0488 CVE-2014-0489 CVE-2014-0490 DSA-3025-1
Platform(s):	Debian GNU/kFreeBSD 7.0 Debian GNU/Linux 7.0	Product(s):	apt
Definition Synopsis
Debian 7 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed OR Debian GNU/kFreeBSD is installed AND apt DPKG is earlier than 0:0.9.7.9+deb7u3

BACK