drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Prüfung von Zertifikaten in APT
Name: |
Mangelnde Prüfung von Zertifikaten in APT |
|
ID: |
USN-1215-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 |
|
Datum: |
Fr, 23. September 2011, 12:43 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
APT |
|
Originalnachricht |
--===============4771355678159666321== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-KlbhSEliUhOMJ+cpiQI+"
--=-KlbhSEliUhOMJ+cpiQI+ Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1215-1 September 22, 2011
apt vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS
Summary:
An attacker could trick APT into installing altered packages.
Software Description: - apt: Advanced front-end for dpkg
Details:
It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disabling the net-update option completely. A future update will re-enable the option with corrected verification.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.04: apt 0.8.13.2ubuntu4.2
Ubuntu 10.10: apt 0.8.3ubuntu7.2
Ubuntu 10.04 LTS: apt 0.7.25.3ubuntu9.7
Ubuntu 8.04 LTS: apt 0.7.9ubuntu17.3
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1215-1 https://launchpad.net/bugs/856489
Package Information: https://launchpad.net/ubuntu/+source/apt/0.8.13.2ubuntu4.2 https://launchpad.net/ubuntu/+source/apt/0.8.3ubuntu7.2 https://launchpad.net/ubuntu/+source/apt/0.7.25.3ubuntu9.7 https://launchpad.net/ubuntu/+source/apt/0.7.9ubuntu17.3
--ÔlbhSEliUhOMJ+cpiQI+ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJOe4ZYAAoJEGVp2FWnRL6TEj4QAJlUC6UuIsuKY9djMiAwp6X6 3kLuKRiVxb81d7hMKMna3gqrm4GnMbdzA1oAkmWp6m0xAFnY8QKx7vb2jcjmDxyw cCVayPD/7kxiBq8xp81RQXfi1lNKIm496BW+HBUDxSg1Iz2u6EIjWkdKWt/8TyBT SyixvaDR1nuHwNa2jebGj8z9PIxdjrtQP8tYwom8mqYieo5s4SE4WKah9iodhen1 KZ2SYCl6t4VDsakMlyOd0tDshcSbWdbJaHc4uKiDE5oZhm94JQG1gfziMa+hlxox J1xJWgdkIj8XlrztPWVlSG0QIMNkbil64N3IsBMx8XJ4lR0Hup5mbT19+oORMaGD nXRaSH2usD8WFBZHKywzGdWJ/UGYvEY9jxKDFDp+kxWh7OEGbEKlPLdojFWR6oGj o47XHbfZg3t5dSi47MlkPVwDHzj7Ep3/RTeGOE5V7007OX68vWsJd6p/45Fy++dK my7ydKWI3g2/O5/VIO0LV10UDzCIDHeWwMKGPPQ0TDDXIJPFidsbwOkY4vAOuAB4 Z8Vc/sRL7/3O2lTmVUkZmLh49o/rTbp0YfcYrkA5hF7tirSAkxFEBVOaOmpojoKk pWkOybzcTBZa8RBqWv0XUcLdkmAGJq59YfZ2A+gfwQGqt4zjcDUT3dlDiLyxLBs0 tS7jQeX6Zyn3PiBvIfCh =xV88 -----END PGP SIGNATURE-----
--=-KlbhSEliUhOMJ+cpiQI+--
--===============4771355678159666321== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============4771355678159666321==--
|
|
|
|