Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DLA-0005-1
HistoryJun 12, 2014 - 12:00 a.m.

apt - security update

2014-06-1200:00:00
Google
osv.dev
10

EPSS

0.001

Percentile

44.3%

JSON

Jakub Wilk discovered that APT, the high level package manager,
did not properly perform authentication checks for source packages
downloaded via “apt-get source”. This only affects use cases where
source packages are downloaded via this command; it does not
affect regular Debian package installation and upgrading.
(CVE-2014-0478)

It was discovered that APT incorrectly handled the Verify-Host
configuration option. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could potentially be used to steal
repository credentials. This only relevant for systems that use APT
sources on https connections (requires the apt-transport-https package
to be installed). (CVE-2011-3634)

For Debian 6 Squeeze, these issues have been fixed in apt version 0.8.10.3+squeeze2

Related

openvas 6
debian 3
prion 2
ubuntu 2
cvelist 2
ubuntucve 2
debiancve 2
cve 2
nessus 3
nvd 2
osv 1
securityvulns 2
openvas
openvas
Debian: Security Advisory (DLA-0005-1)
2023-03-08 00:00:00
Ubuntu Update for apt USN-1283-1
2011-12-02 00:00:00
Ubuntu: Security Advisory (USN-1283-1)
2011-12-02 00:00:00
debian
debian
apt security update
2014-06-12 18:15:29
apt security update
2014-06-12 18:15:47
[SECURITY] [DSA 2958-1] apt security update
2014-06-12 18:09:29
prion
prion
Design/Logic Flaw
2014-03-01 00:55:00
Design/Logic Flaw
2014-06-17 14:55:00
ubuntu
ubuntu
APT vulnerability
2011-11-28 00:00:00
APT vulnerability
2014-06-17 00:00:00
cvelist
cvelist
CVE-2011-3634
2014-02-28 18:00:00
CVE-2014-0478
2014-06-17 14:00:00
ubuntucve
ubuntucve
CVE-2011-3634
2011-10-28 00:00:00
CVE-2014-0478
2014-06-12 00:00:00
debiancve
debiancve
CVE-2011-3634
2014-03-01 00:55:04
CVE-2014-0478
2014-06-17 14:55:06
cve
cve
CVE-2011-3634
2014-03-01 00:55:04
CVE-2014-0478
2014-06-17 14:55:06
nessus
nessus
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : apt vulnerability (USN-1283-1)
2011-11-29 00:00:00
Ubuntu 14.04 LTS : APT vulnerability (USN-2246-1)
2014-06-18 00:00:00
Debian DSA-2958-1 : apt - security update
2014-06-13 00:00:00
nvd
nvd
CVE-2011-3634
2014-03-01 00:55:04
CVE-2014-0478
2014-06-17 14:55:06
osv
osv
apt - security update
2014-06-12 00:00:00
securityvulns
securityvulns
apt insufficient certificate validation
2014-06-13 00:00:00
[SECURITY] [DSA 2958-1] apt security update
2014-06-13 00:00:00

EPSS

0.001

Percentile

44.3%

JSON
Related for OSV:DLA-0005-1
openvas6debian3prion2ubuntu2cvelist2ubuntucve2debiancve2cve2nessus3nvd2osv1securityvulns2