[SECURITY] Fedora 42 Update: apt-3.1.15-2.fc42

This package provides commandline tools for searching and managing as well as querying information about packages as a low-level access to all features of the libapt-pkg library. These include: apt-get for retrieval of packages and information about them from authenticated sources and for...

[SECURITY] Fedora 43 Update: apt-3.1.15-2.fc43

This package provides commandline tools for searching and managing as well as querying information about packages as a low-level access to all features of the libapt-pkg library. These include: apt-get for retrieval of packages and information about them from authenticated sources and for...

EUVD-2011-3338

Malware in sbrugna...

CLSA-2025-1744116044 Fix CVE(s): CVE-2016-8614

SECURITY UPDATE: improper verification of key fingerprints in aptkey module - debian/patches/CVE-2016-8614.patch: fix use of long key IDs for delete, check for keyid presence and fix keyid length for verification. Fix reversed order of return values in parsekeyid function - CVE-2016-8614...

SUSE CVE-2016-8614

A flaw was found in Ansible before version 2.2.0. The aptkey module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key...

Advanced Packaging Tools Data Forgery Issue Vulnerability

Advanced Packaging Tools APT is a package manager that automatically downloads, configures, and installs packages in binary or source code format. There is a data forgery problem vulnerability in apt-key in APT, which can be exploited by an attacker to execute a man-in-the-middle attack...

CVE-2011-3374

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack...

CVE-2011-3374

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack...

DEBIAN-CVE-2011-3374

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack...

Code injection

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack...

CVE-2011-3374

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack...

CVE-2011-3374

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack...

UBUNTU-CVE-2016-8614

A flaw was found in Ansible before version 2.2.0. The aptkey module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key...

DEBIAN-CVE-2016-8614

A flaw was found in Ansible before version 2.2.0. The aptkey module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key...

Ansible Security Bypass Vulnerability (CNVD-2016-10736)

Ansible is a newly emerged operation and maintenance tool that is based on Python and combines the advantages of many old operation and maintenance tools to achieve batch operating system configuration, batch program deployment, batch running commands and other functions. A security bypass...

Design/Logic Flaw

APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle MITM attack...

CVE-2012-3587

APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle MITM attack...

Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : apt vulnerability (USN-1283-1)

It was discovered that APT incorrectly handled the Verify-Host configuration option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to steal repository credentials. This issue only affected Ubuntu 10.04 LTS and 10.10. CVE-2011-3634...

Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : apt vulnerabilities (USN-1215-1)

It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disabling th...