CVE-2016-1252

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection...

CVE-2016-1252

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection...

CVE-2016-1252

CVE-2016-1252 affects the apt package in Debian (Jessie before 1.0.9.8.4) and in Ubuntu (14.04 LTS before 1.0.1ubuntu2.17, 16.04 LTS before 1.2.15ubuntu0.2, 16.10 before 1.3.2ubuntu0.1; Debian unstable before 1.4~beta2). It permits MITM attackers to bypass repository-signing protection by exploit...

CVE-2016-1252

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection...

CVE-2016-1252

creationtimestamp| type| source ---|---|--- 2016-12-14 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/40916...

Debian DSA-3733-1 : apt - security update

Jann Horn of Google Project Zero discovered that APT, the high level package manager, does not properly handle errors when validating signatures on InRelease files. An attacker able to man-in-the-middle HTTP requests to an apt repository that uses InRelease files clearsigned Release files, can ta...

[SECURITY] [DSA 3733-1] apt security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3733-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 13, 2016 https://www.debian.org/security/faq -...