[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

apt security update

Package        : apt
Version        :
CVE ID         : CVE-2011-3634 CVE-2014-0478
Debian Bug     : 749795

Jakub Wilk discovered that APT, the high level package manager,
did not properly perform authentication checks for source packages
downloaded via "apt-get source". This only affects use cases where
source packages are downloaded via this command; it does not
affect regular Debian package installation and upgrading.

It was discovered that APT incorrectly handled the Verify-Host
configuration option. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could potentially be used to steal
repository credentials. This only relevant for systems that use APT
sources on https connections (requires the apt-transport-https package
to be installed). (CVE-2011-3634)

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: