mageia | Gentoo Foundation | MGASA-2014-0442
History: Nov 12, 2014 - 12:56 p.m.

Updated apt packages fix security vulnerability

2014-11-12 12:56:47
Gentoo Foundation
advisories.mageia.org
CVSS2: 6.8 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.005 Low (percentile 76.1%)

The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get. An attacker able to man-in-the-middle an HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the “http” apt method binary, or potentially to arbitrary code execution (CVE-2014-6273).

Also fixed is parsing of Mageia package index “synthesis” files with lines longer than 64k characters. This is necessary for upgrading to the “cauldron” development distro that will become Mageia 5. Note, however, that upgrading from Mageia 3 to Mageia 5 will not be supported.

OS      OS Version  Architecture  Package  Package Version         Filename
Mageia  3           noarch        apt      < 0.5.15lorg3.94-9.2    apt-0.5.15lorg3.94-9.2.mga3
Mageia  4           noarch        apt      < 0.5.15lorg3.94-11.2   apt-0.5.15lorg3.94-11.2.mga4
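
To check a host against the table above, the following added example (not part of the advisory or of any Mageia tooling) compares an installed apt VERSION-RELEASE string with the fixed build for its Mageia release, using a simplified reimplementation of rpm-style segment comparison. The function names and sample strings are assumptions made for illustration, and epochs and '~'/'^' version markers are not handled.

```python
import re

# Fixed builds from the advisory table (filename minus the "apt-" prefix),
# keyed by Mageia release.
FIXED = {
    "3": "0.5.15lorg3.94-9.2.mga3",
    "4": "0.5.15lorg3.94-11.2.mga4",
}

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, in the
    style of rpm's rpmvercmp. Simplification: no '~' or '^' handling."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)      # 11 > 9, unlike a string compare
        elif x.isdigit():
            return 1                   # numeric segment beats alphabetic
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(mageia_release, installed):
    """True if `installed` (VERSION-RELEASE, epoch assumed absent) is at or
    above the fixed build listed for that Mageia release."""
    fixed_ver, fixed_rel = FIXED[mageia_release].rsplit("-", 1)
    inst_ver, inst_rel = installed.rsplit("-", 1)
    cmp = rpmvercmp(inst_ver, fixed_ver) or rpmvercmp(inst_rel, fixed_rel)
    return cmp >= 0

if __name__ == "__main__":
    # Constructed sample values; on a host, obtain the real string with
    #   rpm -q --qf '%{VERSION}-%{RELEASE}\n' apt
    samples = [
        ("3", "0.5.15lorg3.94-9.1.mga3"),
        ("3", "0.5.15lorg3.94-9.2.mga3"),
        ("4", "0.5.15lorg3.94-9.2.mga4"),
    ]
    for rel, vr in samples:
        state = "patched" if is_patched(rel, vr) else "VULNERABLE"
        print(f"Mageia {rel}: apt-{vr} -> {state}")
```

A plain string comparison would rank release 9.2 above 11.2, which is why the Mageia 4 sample needs the numeric segment handling.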
