[SECURITY] [DSA 3031-1] apt security update

2014-09-2316:18:11

lists.debian.org

0.005 Low

EPSS

Percentile

76.3%

JSON

Debian Security Advisory DSA-3031-1 [email protected]
http://www.debian.org/security/ Salvatore Bonaccorso
September 23, 2014 http://www.debian.org/security/faq

Package : apt
CVE ID : CVE-2014-6273

The Google Security Team discovered a buffer overflow vulnerability in
the HTTP transport code in apt-get. An attacker able to
man-in-the-middle a HTTP request to an apt repository can trigger the
buffer overflow, leading to a crash of the 'http' apt method binary, or
potentially to arbitrary code execution.

Two regression fixes were included in this update:

Fix regression from the previous update in DSA-3025-1 when the custom
apt configuration option for Dir::state::lists is set to a relative
path (#762160).
Fix regression in the reverificaiton handling of cdrom: sources that
may lead to incorrect hashsum warnings. Affected users need to run
"apt-cdrom add" again after the update was applied.

For the stable distribution (wheezy), this problem has been fixed in
version 0.9.7.9+deb7u5.

We recommend that you upgrade your apt packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7amd64libapt-pkg-dev< 0.9.7.9+deb7u5libapt-pkg-dev_0.9.7.9+deb7u5_amd64.deb
Debian7mipslibapt-inst1.5< 0.9.7.9+deb7u5libapt-inst1.5_0.9.7.9+deb7u5_mips.deb
Debian7kfreebsd-amd64apt-utils< 0.9.7.9+deb7u5apt-utils_0.9.7.9+deb7u5_kfreebsd-amd64.deb
Debian7powerpcapt< 0.9.7.9+deb7u5apt_0.9.7.9+deb7u5_powerpc.deb
Debian7ia64apt< 0.9.7.9+deb7u5apt_0.9.7.9+deb7u5_ia64.deb
Debian7mipsellibapt-inst1.5< 0.9.7.9+deb7u5libapt-inst1.5_0.9.7.9+deb7u5_mipsel.deb
Debian7s390libapt-inst1.5< 0.9.7.9+deb7u5libapt-inst1.5_0.9.7.9+deb7u5_s390.deb
Debian7mipsellibapt-pkg-dev< 0.9.7.9+deb7u5libapt-pkg-dev_0.9.7.9+deb7u5_mipsel.deb
Debian7i386apt< 0.9.7.9+deb7u5apt_0.9.7.9+deb7u5_i386.deb
Debian7mipselapt< 0.9.7.9+deb7u5apt_0.9.7.9+deb7u5_mipsel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	amd64	libapt-pkg-dev	< 0.9.7.9+deb7u5	libapt-pkg-dev_0.9.7.9+deb7u5_amd64.deb
Debian	7	mips	libapt-inst1.5	< 0.9.7.9+deb7u5	libapt-inst1.5_0.9.7.9+deb7u5_mips.deb
Debian	7	kfreebsd-amd64	apt-utils	< 0.9.7.9+deb7u5	apt-utils_0.9.7.9+deb7u5_kfreebsd-amd64.deb
Debian	7	powerpc	apt	< 0.9.7.9+deb7u5	apt_0.9.7.9+deb7u5_powerpc.deb
Debian	7	ia64	apt	< 0.9.7.9+deb7u5	apt_0.9.7.9+deb7u5_ia64.deb
Debian	7	mipsel	libapt-inst1.5	< 0.9.7.9+deb7u5	libapt-inst1.5_0.9.7.9+deb7u5_mipsel.deb
Debian	7	s390	libapt-inst1.5	< 0.9.7.9+deb7u5	libapt-inst1.5_0.9.7.9+deb7u5_s390.deb
Debian	7	mipsel	libapt-pkg-dev	< 0.9.7.9+deb7u5	libapt-pkg-dev_0.9.7.9+deb7u5_mipsel.deb
Debian	7	i386	apt	< 0.9.7.9+deb7u5	apt_0.9.7.9+deb7u5_i386.deb
Debian	7	mipsel	apt	< 0.9.7.9+deb7u5	apt_0.9.7.9+deb7u5_mipsel.deb