18 matches found

OpenVAS
added 2022/08/26 12:0 a.m., 19 views

Ubuntu: Security Advisory (USN-4247-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.7 CVSS, 4.9 AI score, 0.00496 EPSS
Exploits 0, References 2

vulnersOsv
added 2022/05/24 5:12 p.m., 1 views

cfsshtunnel (>=0.1.7 <=0.2.1), click-reviewers-tools (>=0.70.0 <=0.84.0) +2 more potentially affected by CVE-2019-15796 via python-apt (=0.7.8)

python-apt PYPI version =0.7.8 is affected by a known vulnerability. The following packages have a transitive dependency on python-apt and may be impacted: - cfsshtunnel =0.1.7, =0.70.0, =0.84.0 - craft-parts =1.19.8 - plex-updater =0.1.0 Source cves: CVE-2019-15796 Source advisory:...

4.7 CVSS, 5.8 AI score, 0.00496 EPSS
Exploits 0

OSV
added 2020/03/26 1:15 p.m., 1 views

DEBIAN-CVE-2019-15796

Python-apt doesn't check if hashes are signed in Version.fetch_binary and Version.fetch_source of apt/package.py or in _fetch_archives of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in versions 1.9.5...

4.7 CVSS, 4.8 AI score, 0.00496 EPSS
Exploits 0, References 1

OSV
added 2020/03/26 1:15 p.m., 6 views

CVE-2019-15796

Python-apt doesn't check if hashes are signed in Version.fetch_binary and Version.fetch_source of apt/package.py or in _fetch_archives of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in versions 1.9.5...

4.7 CVSS, 4.6 AI score
Exploits 0, References 2

CVE
added 2020/03/26 1:0 p.m., 104 views

CVE-2019-15796

CVE-2019-15796 affects the Python-apt package where Version.fetch_binary(), Version.fetch_source(), and _fetch_archives() did not verify signed hashes in versions up to 1.9.3ubuntu2, enabling downloads from unsigned repositories. The issue has been fixed in versions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ub...

4.7 CVSS, 4.6 AI score, 0.00496 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2020/03/26 1:0 p.m., 31 views

CVE-2019-15796 python-apt downloads from untrusted sources

Python-apt doesn't check if hashes are signed in Version.fetch_binary and Version.fetch_source of apt/package.py or in _fetch_archives of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in versions 1.9.5...

4.7 CVSS, 4.6 AI score, 0.00496 EPSS
Exploits 0, References 2

Cloud Foundry
added 2020/02/12 12:0 a.m., 31 views

USN-4247-2: python-apt regression | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-4247-1 fixed vulnerabilities in python-apt. The updated packages caused a regression when attempting to upgrade to a new Ubuntu release. This update fixes the problem. We apologize for the...

4.7 CVSS, 4.9 AI score, 0.00496 EPSS
Exploits 0, Affected Software 1

Cloud Foundry
added 2020/02/12 12:0 a.m., 34 views

USN-4247-1: python-apt vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be...

4.7 CVSS, 4.5 AI score, 0.00496 EPSS
Exploits 0, Affected Software 1

Tenable Nessus
added 2020/01/24 12:0 a.m., 28 views

Debian DLA-2074-1 : python-apt security update

Several issues have been found in python-apt, a python interface to libapt-pkg. CVE-2019-15795 It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be...

4.7 CVSS, 5.1 AI score, 0.00496 EPSS
Exploits 0, References 4

OpenVAS
added 2020/01/24 12:0 a.m., 72 views

Debian: Security Advisory (DLA-2074-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.7 CVSS, 4.8 AI score, 0.00496 EPSS
Exploits 0, References 3

Debian
added 2020/01/23 9:3 p.m., 56 views

[SECURITY] [DLA 2074-1] python-apt security update

Package : python-apt Version : 0.9.3.13 CVE ID : CVE-2019-15795 CVE-2019-15796 Debian Bug : 944696 Several issues have been found in python-apt, a python interface to libapt-pkg. CVE-2019-15795 It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. I...

4.7 CVSS, 4.9 AI score, 0.00496 EPSS
Exploits 0

OSV
added 2020/01/23 3:11 p.m., 3 views

USN-4247-3 python-apt vulnerabilities

USN-4247-1 fixed several vulnerabilities in python-apt. This update provides the corresponding updates for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker...

4.7 CVSS, 5.8 AI score, 0.00496 EPSS
Exploits 0, References 3

Tenable Nessus
added 2020/01/23 12:0 a.m., 29 views

Ubuntu 16.04 LTS / 18.04 LTS : python-apt vulnerabilities (USN-4247-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4247-1 advisory. It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perfo...

4.7 CVSS, 5.2 AI score, 0.00496 EPSS
Exploits 0, References 3

OpenVAS
added 2020/01/23 12:0 a.m., 40 views

Ubuntu: Security Advisory (USN-4247-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.7 CVSS, 4.8 AI score, 0.00496 EPSS
Exploits 0, References 2

Tenable Nessus
added 2020/01/23 12:0 a.m., 27 views

Ubuntu 16.04 LTS / 18.04 LTS : python-apt regression (USN-4247-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4247-2 advisory. USN-4247-1 fixed vulnerabilities in python-apt. The updated packages caused a regression when attempting to upgrade to a new Ubuntu release. This upda...

5.6 AI score
Exploits 0, References 1

Ubuntu
added 2020/01/22 6:15 p.m., 63 views

USN-4247-1: python-apt vulnerabilities

It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages. CVE-2019-15795 It was discovered that python-apt could...

4.7 CVSS, 5.1 AI score, 0.00496 EPSS
Exploits 0

OSV
added 2020/01/20 12:0 a.m., 0 views

UBUNTU-CVE-2019-15796

Python-apt doesn't check if hashes are signed in Version.fetch_binary and Version.fetch_source of apt/package.py or in _fetch_archives of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in versions 1.9.5...

4.7 CVSS, 5.7 AI score, 0.00496 EPSS
Exploits 0, References 4

UbuntuCve
added 2020/01/20 12:0 a.m., 22 views

CVE-2019-15796

Python-apt doesn't check if hashes are signed in Version.fetch_binary and Version.fetch_source of apt/package.py or in _fetch_archives of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in versions 1.9.5...

4.7 CVSS, 5.7 AI score, 0.00496 EPSS
Exploits 0, References 3