drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in python-apt (Aktualisierung)
Name: |
Zwei Probleme in python-apt (Aktualisierung) |
|
ID: |
USN-4247-3 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 ESM, Ubuntu 14.04 ESM |
|
Datum: |
Do, 23. Januar 2020, 18:36 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15796
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15795 |
|
Applikationen: |
python-apt |
|
Update von: |
Zwei Probleme in python-apt |
|
Originalnachricht |
--===============1077937051372986938== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="IiVenqGWf+H9Y6IX" Content-Disposition: inline
--IiVenqGWf+H9Y6IX Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-4247-3 January 23, 2020
python-apt vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM - Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in python-apt.
Software Description: - python-apt: Python interface to libapt-pkg
Details:
USN-4247-1 fixed several vulnerabilities in python-apt. This update provides the corresponding updates for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795)
It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. (CVE-2019-15796)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: python-apt 0.9.3.5ubuntu3+esm2 python3-apt 0.9.3.5ubuntu3+esm2
Ubuntu 12.04 ESM: python-apt 0.8.3ubuntu7.5 python3-apt 0.8.3ubuntu7.5
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/4247-3 https://usn.ubuntu.com/4247-1 CVE-2019-15795, CVE-2019-15796
--IiVenqGWf+H9Y6IX Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl4pxf4ACgkQRbznW4QL H2nioBAAoS9wE3iZxfXcdORME61zFMFU4n+bMwXUor3h1RXzPBavdykCNrrYQtnz slwQDp4SAkhtWq+VPtM4kiSpo7n/jyCv9BdKZI02tfz2Elm9DTVyzRHf+bporD1g gNkOi50Tbv72L9Jwv4mgW11wg6E4zhuUd63LuSwGcSWA0jS6JB2N+5G2HK7JTnd2 Oa0Cw/fn4ZF7DtA4LnRoM0S6nBxxSYlWdnpw1z4odaPu4KurlPMuaSLNupf2TRUD 9UEJUHbC0jfrvt7i5A4+95/Rcy/9fPhFXbkTmayd49KnHUURvI1dF6w0gadwfLPl h71YF3wj42RBzUhf57aCYP861NlSYb4ADreWoe3j2zVSH0+IN7p9933OyY/E4Bc/ lkp75j9tBQoejaIpfwCYxLaQl4jZWKI3mpw9ReItGP2swzAxEAA3LULc4XCKwgrJ oFghHuPmQtbP9NEuMZaoMfoLhS2wOtC9wwRgBHEEofzLqRI7D+Wzi5bIUan3gbzt kgOvD4/KzOeaKBBCRcN1pM5VFUd+bIOziGa9QWYNbUodXS27ZkHmlK/Ye3IsS15h wL0uB6YRfTqzUUTgxd5K+IZyr5HVQi66v811VRuUqKfLU/kXEuUiYnjo+5Ki7wUY xJQLx/tRGlnMc4DcgAFNqa+KFPPkb13+ab/nLRjKACAO1SeqBYA= =1URd -----END PGP SIGNATURE-----
--IiVenqGWf+H9Y6IX--
--===============1077937051372986938== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|