drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Eingabeprüfung in APT
Name: |
Mangelnde Eingabeprüfung in APT |
|
ID: |
USN-3746-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 18.04 LTS |
|
Datum: |
Di, 21. August 2018, 07:43 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0501 |
|
Applikationen: |
APT |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============4341991301699578269== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="NevB0Z3kFuWVnMRFu8fQ8WuDVd35aONEG"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --NevB0Z3kFuWVnMRFu8fQ8WuDVd35aONEG Content-Type: multipart/mixed; boundary="hjTOlotKKEAE19FpLrieGbCbtK6ixfFUy"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> Message-ID: <c54fe9f8-be18-e443-f55e-e21bfc7b761c@canonical.com> Subject: [USN-3746-1] APT vulnerability
--hjTOlotKKEAE19FpLrieGbCbtK6ixfFUy Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3746-1 August 20, 2018
apt vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
An attacker could trick APT into installing altered packages.
Software Description: - apt: Advanced front-end for dpkg
Details:
It was discovered that APT incorrectly handled the mirror method (mirror://). If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages in environments configured to use mirror:// entries.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: apt 1.6.3ubuntu0.1
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/usn/usn-3746-1 CVE-2018-0501
Package Information: https://launchpad.net/ubuntu/+source/apt/1.6.3ubuntu0.1
--hjTOlotKKEAE19FpLrieGbCbtK6ixfFUy--
--NevB0Z3kFuWVnMRFu8fQ8WuDVd35aONEG Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlt7C4UACgkQZWnYVadE vpPU4w/+KXUbJI6PSf5fCJ7wG8zMLQ9beHE+SfwN6UgBsJSYsHCBB+KxWt9OTUOr ahJZPGpXuA32UkyPMbXRZfhRUCuc3T1UWv1adaKYVtQZ1EcmLcdYPnx34kITl9dD h0ZLkbsac7yFcXJH7XPTpcYI3DQivPqinWXOS0+nNSeKRBh0jlqOR3FGdaRSJUcl 9UfW15yThR62Kz2g0nQMVVRs/M4CUvXk1SEpuPnJQQvrYzKk0rw4QfZHUb1XiYSJ YMK/fXCT+kBvkLfv7vNtn/rgnb7MquYp/dgM6bzgWvCUTwzhMaXnUSbFaNNKMR68 TVsywyYQrW2DNUUsPbeHxNwOa0B6Qz+EdUE5wNOUxzOPe7G2KI1Am7pt03INsTf4 ld2lYfltI5mtYWrUz0RVWQ2ETESfxIIDTFYqhDucrZIjXV1F/zBr8JQcqaqSOKy9 mwK30aCkgwAZsrp7nrr619OYTmwICr5yoEenoDjODTwmh1m5wNTTh8b4uTADEXEQ rzLSD/IaqFl9fWsguPqs878cw693/Kl4COfEEWZiUx6/0wKlfgZyNmN/630WVp0s yTwClFLOb74mn7YAkBCAm2XWUTSn+mJ4yzPcRv8EhCgHWBE5ORnWrLe/lfXm43VS Vh0t6nhX1lzUrE8LCCtJjj0tqfFq2VtLWbwjEEqhj6rtST05Hyw= =vohw -----END PGP SIGNATURE-----
--NevB0Z3kFuWVnMRFu8fQ8WuDVd35aONEG--
--===============4341991301699578269== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============4341991301699578269==--
|
|
|
|