drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Prüfung von Signaturen in APT (Aktualisierung)
Name: |
Mangelnde Prüfung von Signaturen in APT (Aktualisierung) |
|
ID: |
USN-3156-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.10 |
|
Datum: |
Sa, 17. Dezember 2016, 08:42 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
APT |
|
Update von: |
Mangelnde Prüfung von Signaturen in APT |
|
Originalnachricht |
--===============5100909871328099772== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="82I3+IH0IqGh5yIs" Content-Disposition: inline
--82I3+IH0IqGh5yIs Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-3156-2 December 17, 2016
apt regression ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
Summary:
USN-3156-1 introduced a regression in unattended-upgrades that may require manual intervention to repair.
Software Description: - apt: Advanced front-end for dpkg
Details:
USN-3156-1 fixed vulnerabilities in APT. It also caused a bug in unattended-upgrades on that may require manual intervention to repair.
Users on Ubuntu 16.10 should run the following commands at a terminal:
sudo dpkg --configure --pending sudo apt-get -f install
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.10: apt 1.3.3
After a standard system update you should run the following commands to make all the necessary changes: sudo dpkg --configure --pending sudo apt-get -f install
References: http://www.ubuntu.com/usn/usn-3156-2 http://www.ubuntu.com/usn/usn-3156-1 https://launchpad.net/bugs/1649959
Package Information: https://launchpad.net/ubuntu/+source/apt/1.3.3
--82I3+IH0IqGh5yIs Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBAgAGBQJYVKM2AAoJEPMhclmdjS6Xs8AIAKM4r1AeRDLWst40NPa9VYme r0Dt9HVfD5D1AonfvvdAyd0X3Fe3fTtrdEUZ0ps+vlZDQHrcpR9qkdHXC5Ja40aI sUcbU1kHdxREY0lr98uA1FMelOFtlW4h0XYHyORlXji1fu3PcmWsgTTZ5Y1ae3C0 lLOoZeLCyg6nqsVDsHk7aE0UD+S34DCar0j5Y915VA9fluNfWRdc/EgFWJ2cYGJm MeFumham0l4/yjioKQrjHWqZhnJw6aHgyyD0nuzaS2O3M7w079OYBAqorD7DZrh1 KHGaJ+3TS5w9b0Wi8iwar/q/7msgf7sjxzZWELthKRU7yBfApQx/8T9eWMf4I1o= =yGV9 -----END PGP SIGNATURE-----
--82I3+IH0IqGh5yIs--
--===============5100909871328099772== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============5100909871328099772==--
|
|
|
|