Ubuntu 16.10 : apt regression (USN-3156-2)

USN-3156-1 fixed vulnerabilities in APT. It also caused a bug in unattended-upgrades on that may require manual intervention to repair. Users on Ubuntu 16.10 should run the following commands at a terminal : sudo dpkg --configure --pending sudo apt-get -f install This update fixes the problem. We...

USN-3156-2: APT regression

USN-3156-1 fixed vulnerabilities in APT. It also caused a bug in unattended-upgrades on that may require manual intervention to repair. Users on Ubuntu 16.10 should run the following commands at a terminal: sudo dpkg --configure --pending sudo apt-get -f install This update fixes the problem. We...

Ubuntu: Security Advisory (USN-3156-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS / 16.04 LTS : APT vulnerability (USN-3156-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3156-1 advisory. Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw...

Debian DSA-3733-1 : apt - security update

Jann Horn of Google Project Zero discovered that APT, the high level package manager, does not properly handle errors when validating signatures on InRelease files. An attacker able to man-in-the-middle HTTP requests to an apt repository that uses InRelease files clearsigned Release files, can ta...

USN-3156-1 apt vulnerability

Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages...

[SECURITY] [DSA 3733-1] apt security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3733-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 13, 2016 https://www.debian.org/security/faq -...

Debian Security Advisory DSA 3733-1 (apt - security update)

Jann Horn of Google Project Zero discovered that APT, the high level package manager, does not properly handle errors when validating signatures on InRelease files. An attacker able to man-in-the-middle HTTP requests to an apt repository that uses InRelease files clearsigned Release files, can ta...

Debian: Security Advisory (DSA-3733-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2012-0214

The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool APT 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user fro...

CVE-2012-0214

The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool APT 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user fro...

apt protection bypass

Man-in-the middle attack is possible against repository if InRelease files are used...

DEBIAN-CVE-2013-1051

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories...

CVE-2013-1051

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories...

CVE-2013-1051

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories...

CVE-2013-1051

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories...

Ubuntu: Security Advisory (USN-1762-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 11.10 / 12.04 LTS / 12.10 : apt vulnerability (USN-1762-1)

Ansgar Burchardt discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disabling InRelease file support completely. Please no...

CVE-2013-1051

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories...

[USN-1385-1] APT vulnerability

========================================================================== Ubuntu Security Notice USN-1385-1 March 06, 2012 apt vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...