10 matches found
Updated apt packages fix security vulnerability
The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get. An attacker able to man-in-the-middle a HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the "http" apt method binary, or potentially to arbitrary cod...
[SECURITY] [DLA 58-2] apt regression fix
Package : apt Version : 0.8.10.3+squeeze6 CVE ID : CVE-2014-6273 This update fixes a regression introduced in 0.8.10.3+squeeze5 where apt would send invalid HTTP requests when sending If-Range queries. Thanks to Steven McDonald who reported1 the regression and to Michael Vogt for having uploaded ...
CVE-2014-6273
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted URL...
CVE-2014-6273
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted URL...
CVE-2014-6273
Summary: CVE-2014-6273 is a buffer overflow in the HTTP transport code of apt-get in APT 1.0.1 and earlier , enabling MITM-induced DoS or possible arbitrary code execution via a crafted URL. Multiple connected records confirm: Debian/DLA-58-2 provides a regression fix for apt; OSV entries documen...
[USN-2353-1] APT vulnerability
========================================================================== Ubuntu Security Notice USN-2353-1 September 23, 2014 apt vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Ubuntu 14.04 LTS : APT vulnerability (USN-2353-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2353-1 advisory. It was discovered that APT incorrectly handled certain http URLs. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be...
Ubuntu: Security Advisory (USN-2353-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 3031-1] apt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3031-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso September 23, 2014 http://www.debian.org/security/faq -...
USN-2353-1: APT vulnerability
It was discovered that APT incorrectly handled certain http URLs. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to cause APT to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for...