Security: Insufficient verification of certificates in APT
Name: Insufficient verification of certificates in APT
ID: USN-1762-1
Distribution: Ubuntu
Platforms: Ubuntu 11.10, Ubuntu 12.04 LTS, Ubuntu 12.10
Date: Thu, March 14, 2013, 17:20
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1051
Applications: APT
Original message
==========================================================================
Ubuntu Security Notice USN-1762-1
March 14, 2013

apt vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
Summary:
An attacker could trick APT into installing altered packages.
Software Description:
- apt: Advanced front-end for dpkg
Details:
Ansgar Burchardt discovered that APT incorrectly handled repositories that use InRelease files. The default Ubuntu repositories do not use InRelease files, so this issue only affected third-party repositories. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.
This update corrects the issue by disabling InRelease file support completely.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.10: apt 0.9.7.5ubuntu5.4
Ubuntu 12.04 LTS: apt 0.8.16~exp12ubuntu10.10
Ubuntu 11.10: apt 0.8.16~exp5ubuntu13.7
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1762-1
CVE-2013-1051

Package Information:
https://launchpad.net/ubuntu/+source/apt/0.9.7.5ubuntu5.4
https://launchpad.net/ubuntu/+source/apt/0.8.16~exp12ubuntu10.10
https://launchpad.net/ubuntu/+source/apt/0.8.16~exp5ubuntu13.7