19 matches found
EUVD-2020-7695
Malware in sbrugna...
Exploit for File Descriptor Leak in Linuxfoundation Runc
PoC of CVE-2024-21626 Read my full article for detailed explan...
The vulnerability of the add-apt-repository utility in the Ubuntu operating system allows a perpetrator to compromise the integrity of protected information.
The vulnerability of the add-apt-repository utility in the Ubuntu operating system exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to compromise the integrity of protected information...
CVE-2020-15709
Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways...
CVE-2020-15709
Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways...
DEBIAN-CVE-2020-15709
Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways...
Code injection
Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways...
CVE-2020-15709
CVE-2020-15709 affects add-apt-repository prior to versions 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1. The issue arises because the PPA description is printed to the terminal as-is, allowing PPA owners to inject ANSI terminal escapes that can modify terminal contents in uni...
CVE-2020-15709 add-apt-repository print ANSI terminal codes
Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways...
CVE-2020-15709
Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways...
Debian DLA-2339-1 : software-properties security update
Jason A. Donenfeld found an ANSI escape sequence injection in software-properties, a manager for apt repository sources. An attacker could manipulate the screen of a user prompted to install an additional repository (PPA). For Debian 9 stretch, this problem has been fixed in version...
UBUNTU-CVE-2020-15709
Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways...
CVE-2020-15709
Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways...
APT - Repository Signing Bypass via Memory Allocation Failure Vulnerability
Exploit for Linux platform in category remote exploits. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1020 == Vulnerability == When apt-get updates a repository that uses an InRelease file (clearsigned Release files), this file is processed as follows: First, the InRelease file i...
APT - Repository Signing Bypass via Memory Allocation Failure
APT - Repository Signing Bypass via Memory Allocation Failure. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1020 == Vulnerability == When apt-get updates a repository that uses an InRelease file (clearsigned Release files), this file is processed as follows: First, the InRelease...
[SECURITY] [DLA-709-1] postgresql-9.1 update
Package : postgresql-9.1 Version : 9.1.24-0+deb7u1 Several bugs were discovered in PostgreSQL, a relational database server system. This update corrects various stability issues. 9.1.24 marks the end of life of the PostgreSQL 9.1 branch. No further releases will be made by the PostgreSQL Global...
New Relic: APT repository is signed using weak digest (SHA-1)
When installing New Relic on a new Ubuntu 16.04 xenial machine to test out the beta, I noticed this warning: W: gpgv:/var/lib/apt/lists/apt.newrelic.comdebiandistsnewrelicRelease.gpg: The repository is insufficiently signed by key B60A3EC9BC013B9C23790EC8B31B29E5548C16BF weak digest This...
Updated apt packages fix security vulnerability
The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get. An attacker able to man-in-the-middle a HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the "http" apt method binary, or potentially to arbitrary cod...
DLA-58-1 apt - security update
Bulletin has no description...