USN-4247-3: python-apt vulnerabilities

USN-4247-1 fixed several vulnerabilities in python-apt. This update provides the corresponding updates for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker...

Ubuntu: Security Advisory (USN-4247-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DSA-4609-1 python-apt - security update

Bulletin has no description...

DLA-2074-1 python-apt - security update

Bulletin has no description...

Ubuntu 16.04 LTS / 18.04 LTS : python-apt vulnerabilities (USN-4247-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4247-1 advisory. It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perfo...

Ubuntu: Security Advisory (USN-4247-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 LTS / 18.04 LTS : python-apt regression (USN-4247-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4247-2 advisory. USN-4247-1 fixed vulnerabilities in python-apt. The updated packages caused a regression when attempting to upgrade to a new Ubuntu release. This upda...

USN-4247-2: python-apt regression

USN-4247-1 fixed vulnerabilities in python-apt. The updated packages caused a regression when attempting to upgrade to a new Ubuntu release. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that python-apt would still use MD5 hashes t...

USN-4247-2 python-apt regression

USN-4247-1 fixed vulnerabilities in python-apt. The updated packages caused a regression when attempting to upgrade to a new Ubuntu release. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that python-apt would still use MD5 hashes t...

USN-4247-1: python-apt vulnerabilities

It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages. CVE-2019-15795 It was discovered that python-apt could...

CVE-2019-15796

Python-apt doesn't check if hashes are signed in Version.fetchbinary and Version.fetchsource of apt/package.py or in fetcharchives of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5...

CVE-2019-15795

python-apt only checks the MD5 sums of downloaded files in Version.fetchbinary and Version.fetchsource of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions...

UBUNTU-CVE-2019-15795

python-apt only checks the MD5 sums of downloaded files in Version.fetchbinary and Version.fetchsource of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions...

Debian DLA-1511-1 : reportbug update

Reportbug, a tool designed to make the reporting of bugs in Debian easier, was further enhanced to automatically detect bug reports for potential regressions caused by a security update. After user confirmation an additional email with a copy of the report will be sent to the debian-lts mailing...