drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in python-apt (Aktualisierung)
| Name: |
Zwei Probleme in python-apt (Aktualisierung) |
|
| ID: |
USN-4247-3 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 12.04 ESM, Ubuntu 14.04 ESM |
|
| Datum: |
Do, 23. Januar 2020, 18:36 |
|
| Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15796
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15795 |
|
| Applikationen: |
python-apt |
|
| Update von: |
Zwei Probleme in python-apt |
|
Originalnachricht |
--===============1077937051372986938==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="IiVenqGWf+H9Y6IX"
Content-Disposition: inline
--IiVenqGWf+H9Y6IX
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
==========================================================================
Ubuntu Security Notice USN-4247-3
January 23, 2020
python-apt vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in python-apt.
Software Description:
- python-apt: Python interface to libapt-pkg
Details:
USN-4247-1 fixed several vulnerabilities in python-apt. This update
provides the corresponding updates for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that python-apt would still use MD5 hashes to validate
certain downloaded packages. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could potentially be used to install
altered packages. (CVE-2019-15795)
It was discovered that python-apt could install packages from untrusted
repositories, contrary to expectations. (CVE-2019-15796)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
python-apt 0.9.3.5ubuntu3+esm2
python3-apt 0.9.3.5ubuntu3+esm2
Ubuntu 12.04 ESM:
python-apt 0.8.3ubuntu7.5
python3-apt 0.8.3ubuntu7.5
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4247-3
https://usn.ubuntu.com/4247-1
CVE-2019-15795, CVE-2019-15796
--IiVenqGWf+H9Y6IX
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl4pxf4ACgkQRbznW4QL
H2nioBAAoS9wE3iZxfXcdORME61zFMFU4n+bMwXUor3h1RXzPBavdykCNrrYQtnz
slwQDp4SAkhtWq+VPtM4kiSpo7n/jyCv9BdKZI02tfz2Elm9DTVyzRHf+bporD1g
gNkOi50Tbv72L9Jwv4mgW11wg6E4zhuUd63LuSwGcSWA0jS6JB2N+5G2HK7JTnd2
Oa0Cw/fn4ZF7DtA4LnRoM0S6nBxxSYlWdnpw1z4odaPu4KurlPMuaSLNupf2TRUD
9UEJUHbC0jfrvt7i5A4+95/Rcy/9fPhFXbkTmayd49KnHUURvI1dF6w0gadwfLPl
h71YF3wj42RBzUhf57aCYP861NlSYb4ADreWoe3j2zVSH0+IN7p9933OyY/E4Bc/
lkp75j9tBQoejaIpfwCYxLaQl4jZWKI3mpw9ReItGP2swzAxEAA3LULc4XCKwgrJ
oFghHuPmQtbP9NEuMZaoMfoLhS2wOtC9wwRgBHEEofzLqRI7D+Wzi5bIUan3gbzt
kgOvD4/KzOeaKBBCRcN1pM5VFUd+bIOziGa9QWYNbUodXS27ZkHmlK/Ye3IsS15h
wL0uB6YRfTqzUUTgxd5K+IZyr5HVQi66v811VRuUqKfLU/kXEuUiYnjo+5Ki7wUY
xJQLx/tRGlnMc4DcgAFNqa+KFPPkb13+ab/nLRjKACAO1SeqBYA=
=1URd
-----END PGP SIGNATURE-----
--IiVenqGWf+H9Y6IX--
--===============1077937051372986938==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|
