[SECURITY] [DSA 3025-2] apt regression update

2014-09-1820:30:42

lists.debian.org

Debian Security Advisory DSA-3025-2 [email protected]
http://www.debian.org/security/ Salvatore Bonaccorso
September 18, 2014 http://www.debian.org/security/faq

Package : apt
Debian Bug : 762079

The previous update for apt, DSA-3025-1, introduced a regression when
file:/// sources are used and those are on a different partition than
the apt state directory. This update fixes the regression.

For reference, the original advisory follows.

It was discovered that APT, the high level package manager, does not
properly invalidate unauthenticated data (CVE-2014-0488), performs
incorrect verification of 304 replies (CVE-2014-0487), does not perform
the checksum check when the Acquire::GzipIndexes option is used
(CVE-2014-0489) and does not properly perform validation for binary
packages downloaded by the apt-get download command (CVE-2014-0490).

For the stable distribution (wheezy), this problem has been fixed in
version 0.9.7.9+deb7u4.

For the unstable distribution (sid), this problem has been fixed in
version 1.0.9.1.

We recommend that you upgrade your apt packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7allapt< 0.9.7.9+deb7u3apt_0.9.7.9+deb7u3_all.deb
Debian7mipsellibapt-inst1.5< 0.9.7.9+deb7u3libapt-inst1.5_0.9.7.9+deb7u3_mipsel.deb
Debian7kfreebsd-i386libapt-pkg4.12< 0.9.7.9+deb7u3libapt-pkg4.12_0.9.7.9+deb7u3_kfreebsd-i386.deb
Debian7mipsapt-transport-https< 0.9.7.9+deb7u3apt-transport-https_0.9.7.9+deb7u3_mips.deb
Debian7ia64libapt-pkg-dev< 0.9.7.9+deb7u3libapt-pkg-dev_0.9.7.9+deb7u3_ia64.deb
Debian7amd64libapt-pkg-dev< 0.9.7.9+deb7u3libapt-pkg-dev_0.9.7.9+deb7u3_amd64.deb
Debian7mipslibapt-pkg-dev< 0.9.7.9+deb7u3libapt-pkg-dev_0.9.7.9+deb7u3_mips.deb
Debian7kfreebsd-i386apt-utils< 0.9.7.9+deb7u3apt-utils_0.9.7.9+deb7u3_kfreebsd-i386.deb
Debian7s390xapt-utils< 0.9.7.9+deb7u3apt-utils_0.9.7.9+deb7u3_s390x.deb
Debian7s390xlibapt-pkg4.12< 0.9.7.9+deb7u3libapt-pkg4.12_0.9.7.9+deb7u3_s390x.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	all	apt	< 0.9.7.9+deb7u3	apt_0.9.7.9+deb7u3_all.deb
Debian	7	mipsel	libapt-inst1.5	< 0.9.7.9+deb7u3	libapt-inst1.5_0.9.7.9+deb7u3_mipsel.deb
Debian	7	kfreebsd-i386	libapt-pkg4.12	< 0.9.7.9+deb7u3	libapt-pkg4.12_0.9.7.9+deb7u3_kfreebsd-i386.deb
Debian	7	mips	apt-transport-https	< 0.9.7.9+deb7u3	apt-transport-https_0.9.7.9+deb7u3_mips.deb
Debian	7	ia64	libapt-pkg-dev	< 0.9.7.9+deb7u3	libapt-pkg-dev_0.9.7.9+deb7u3_ia64.deb
Debian	7	amd64	libapt-pkg-dev	< 0.9.7.9+deb7u3	libapt-pkg-dev_0.9.7.9+deb7u3_amd64.deb
Debian	7	mips	libapt-pkg-dev	< 0.9.7.9+deb7u3	libapt-pkg-dev_0.9.7.9+deb7u3_mips.deb
Debian	7	kfreebsd-i386	apt-utils	< 0.9.7.9+deb7u3	apt-utils_0.9.7.9+deb7u3_kfreebsd-i386.deb
Debian	7	s390x	apt-utils	< 0.9.7.9+deb7u3	apt-utils_0.9.7.9+deb7u3_s390x.deb
Debian	7	s390x	libapt-pkg4.12	< 0.9.7.9+deb7u3	libapt-pkg4.12_0.9.7.9+deb7u3_s390x.deb

Rows per page:

1-10 of 811

JSON

Related for DEBIAN:DSA-3025-2:CA43A