EUVD-2018-1323

Malware in sbrugna...

EUVD-2012-0251

Malware in sbrugna...

Design/Logic Flaw

The mirror:// method implementation in Advanced Package Tool APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail...

DEBIAN-CVE-2018-0501

The mirror:// method implementation in Advanced Package Tool APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail...

CVE-2018-0501

The mirror:// method implementation in Advanced Package Tool APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail...

CVE-2018-0501

The mirror:// method implementation in Advanced Package Tool APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail...

UBUNTU-CVE-2018-0501

The mirror:// method implementation in Advanced Package Tool APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail...

Design/Logic Flaw

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection...

DEBIAN-CVE-2016-1252

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection...

CVE-2016-1252

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection...

CVE-2016-1252

CVE-2016-1252 affects the apt package in Debian (Jessie before 1.0.9.8.4) and in Ubuntu (14.04 LTS before 1.0.1ubuntu2.17, 16.04 LTS before 1.2.15ubuntu0.2, 16.10 before 1.3.2ubuntu0.1; Debian unstable before 1.4~beta2). It permits MITM attackers to bypass repository-signing protection by exploit...

Ubuntu 16.10 : apt regression (USN-3156-2)

USN-3156-1 fixed vulnerabilities in APT. It also caused a bug in unattended-upgrades on that may require manual intervention to repair. Users on Ubuntu 16.10 should run the following commands at a terminal : sudo dpkg --configure --pending sudo apt-get -f install This update fixes the problem. We...

USN-3156-2: APT regression

USN-3156-1 fixed vulnerabilities in APT. It also caused a bug in unattended-upgrades on that may require manual intervention to repair. Users on Ubuntu 16.10 should run the following commands at a terminal: sudo dpkg --configure --pending sudo apt-get -f install This update fixes the problem. We...

Ubuntu: Security Advisory (USN-3156-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS / 16.04 LTS : APT vulnerability (USN-3156-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3156-1 advisory. Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw...

APT - Repository Signing Bypass via Memory Allocation Failure

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1020 == Vulnerability == When apt-get updates a repository that uses an InRelease file clearsigned Release files, this file is processed as follows: First, the InRelease file is downloaded to disk. In a subprocess running the gpgv...

Debian DSA-3733-1 : apt - security update

Jann Horn of Google Project Zero discovered that APT, the high level package manager, does not properly handle errors when validating signatures on InRelease files. An attacker able to man-in-the-middle HTTP requests to an apt repository that uses InRelease files clearsigned Release files, can ta...

USN-3156-1: APT vulnerability

Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages...

USN-3156-1 apt vulnerability

Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages...

[SECURITY] [DSA 3733-1] apt security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3733-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 13, 2016 https://www.debian.org/security/faq -...