CVE-2020-27351

CVE-2020-27351 involves memory and file descriptor leaks in the apt-python components used by python-apt (python/arfile.cc, python/tag.cc, python/tarfile.cc). Affected packages include python-apt with listed Ubuntu/Debian release variants (e.g., 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0; 2.0.0ubu...

USN-4668-2: python-apt regression

USN-4668-1 fixed vulnerabilities in python-apt. That update caused a regression by removing information describing the Ubuntu 20.10 release from the Ubuntu templates. This update fixes the problem by restoring this information. We apologize for the inconvenience. Original advisory details: Kevin...

Debian DSA-4809-1 : python-apt - security update

Various memory and file descriptor leaks were discovered in the Python interface to the APT package management runtime library, which could result in denial of service. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...

Python-apt Security Vulnerabilities

Python-apt is a Pypi codebase from the Python-apt team that supports the Apt package management tool. A security vulnerability exists in python-apt that stems from python-apt incorrectly handling resources. A local attacker could use this issue to cause python-apt to consume resources, resulting ...

DLA-2488-1 python-apt - security update

Bulletin has no description...

Debian: Security Advisory (DLA-2488-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-4668-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-2488-2 : python-apt regression update

The update for python-apt released as 2488-1 introduced a regression by causing a segmentation fault, which is now fixed with this update. For Debian 9 stretch, this problem has been fixed in version 1.4.3. We recommend that you upgrade your python-apt packages. For the detailed security status o...

Ubuntu: Security Advisory (USN-4668-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 20.10 : python-apt regression (USN-4668-2)

The remote Ubuntu 20.10 host has packages installed that are affected by a vulnerability as referenced in the USN-4668-2 advisory. USN-4668-1 introduced a regression in python-apt. Tenable has extracted the preceding description block directly from the Ubuntu security advisory. Note that Nessus h...

[SECURITY] [DLA 2488-1] python-apt security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2488-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 10, 2020 https://wiki.debian.org/LTS -...

[SECURITY] [DSA 4809-1] python-apt security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4809-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 09, 2020 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4809-1] python-apt security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4809-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 09, 2020 https://www.debian.org/security/faq -...

USN-4668-1 python-apt vulnerability

Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : python-apt vulnerability (USN-4668-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4668-1 advisory. Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-a...

CVE-2020-27351

Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0beta1 versions prior to 1.1.0beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versio...

DSA-4809-1 python-apt - security update

Bulletin has no description...

python-apt authorization issue vulnerability

Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. An authorization issue vulnerability exists in python-apt. An attacker can exploit this vulnerability to...

CVE-2019-15795

python-apt only checks the MD5 sums of downloaded files in Version.fetchbinary and Version.fetchsource of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions...

CVE-2019-15796

Python-apt doesn't check if hashes are signed in Version.fetchbinary and Version.fetchsource of apt/package.py or in fetcharchives of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5...