UbuntuUSN-2348-1APT vulnerabilities
6.3 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.027 Low
EPSS
Percentile
90.2%
Releases
- Ubuntu 14.04 ESM
- Ubuntu 12.04
- Ubuntu 10.04
Packages
- apt - Advanced front-end for dpkg
Details
It was discovered that APT did not re-verify downloaded files when the
If-Modified-Since wasn’t met. (CVE-2014-0487)
It was discovered that APT did not invalidate repository data when it
switched from an unauthenticated to an authenticated state. (CVE-2014-0488)
It was discovered that the APT Acquire::GzipIndexes option caused APT to
skip checksum validation. This issue only applied to Ubuntu 12.04 LTS and
Ubuntu 14.04 LTS, and was not enabled by default. (CVE-2014-0489)
It was discovered that APT did not correctly validate signatures when
manually downloading packages using the download command. This issue only
applied to Ubuntu 12.04 LTS. (CVE-2014-0490)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.04 | noarch | apt | < 1.0.1ubuntu2.3 | UNKNOWN |
| Ubuntu | 14.04 | noarch | apt-transport-https | < 1.0.1ubuntu2.3 | UNKNOWN |
| Ubuntu | 14.04 | noarch | apt-utils | < 1.0.1ubuntu2.3 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libapt-inst1.5 | < 1.0.1ubuntu2.3 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libapt-pkg-dev | < 1.0.1ubuntu2.3 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libapt-pkg4.12 | < 1.0.1ubuntu2.3 | UNKNOWN |
| Ubuntu | 12.04 | noarch | apt | < 0.8.16~exp12ubuntu10.19 | UNKNOWN |
| Ubuntu | 12.04 | noarch | apt-transport-https | < 0.8.16~exp12ubuntu10.19 | UNKNOWN |
| Ubuntu | 12.04 | noarch | apt-utils | < 0.8.16~exp12ubuntu10.19 | UNKNOWN |
| Ubuntu | 12.04 | noarch | libapt-inst1.4 | < 0.8.16~exp12ubuntu10.19 | UNKNOWN |
Related
6.3 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.027 Low
EPSS
Percentile
90.2%