Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Mangelnde Prüfung von Signaturen in APT (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Mangelnde Prüfung von Signaturen in APT (Aktualisierung)
ID: USN-3156-2
Distribution: Ubuntu
Plattformen: Ubuntu 16.10
Datum: Sa, 17. Dezember 2016, 08:42
Referenzen: Keine Angabe
Update von: Mangelnde Prüfung von Signaturen in APT

Originalnachricht


--===============5100909871328099772==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="82I3+IH0IqGh5yIs"
Content-Disposition: inline


--82I3+IH0IqGh5yIs
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-3156-2
December 17, 2016

apt regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10

Summary:

USN-3156-1 introduced a regression in unattended-upgrades that may require
manual intervention to repair.

Software Description:
- apt: Advanced front-end for dpkg

Details:

USN-3156-1 fixed vulnerabilities in APT. It also caused a bug in
unattended-upgrades on that may require manual intervention to repair.

Users on Ubuntu 16.10 should run the following commands at a
terminal:

sudo dpkg --configure --pending
sudo apt-get -f install

This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Jann Horn discovered that APT incorrectly handled InRelease files.
If a remote attacker were able to perform a man-in-the-middle attack,
this flaw could potentially be used to install altered packages.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
apt 1.3.3

After a standard system update you should run the following commands
to make all the necessary changes:
sudo dpkg --configure --pending
sudo apt-get -f install

References:
http://www.ubuntu.com/usn/usn-3156-2
http://www.ubuntu.com/usn/usn-3156-1
https://launchpad.net/bugs/1649959

Package Information:
https://launchpad.net/ubuntu/+source/apt/1.3.3


--82I3+IH0IqGh5yIs
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJYVKM2AAoJEPMhclmdjS6Xs8AIAKM4r1AeRDLWst40NPa9VYme
r0Dt9HVfD5D1AonfvvdAyd0X3Fe3fTtrdEUZ0ps+vlZDQHrcpR9qkdHXC5Ja40aI
sUcbU1kHdxREY0lr98uA1FMelOFtlW4h0XYHyORlXji1fu3PcmWsgTTZ5Y1ae3C0
lLOoZeLCyg6nqsVDsHk7aE0UD+S34DCar0j5Y915VA9fluNfWRdc/EgFWJ2cYGJm
MeFumham0l4/yjioKQrjHWqZhnJw6aHgyyD0nuzaS2O3M7w079OYBAqorD7DZrh1
KHGaJ+3TS5w9b0Wi8iwar/q/7msgf7sjxzZWELthKRU7yBfApQx/8T9eWMf4I1o=
=yGV9
-----END PGP SIGNATURE-----

--82I3+IH0IqGh5yIs--


--===============5100909871328099772==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============5100909871328099772==--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung