APT Acquire::GzipIndexes Checksum Verification Bypass Vulnerability (CVE-2014-0489)
Release date:
Updated on:
Affected Systems:
Debian apt <1.0.9
Debian apt
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2014-0489
APT is the advanced front end for the dpkg package management tool.
When the Acquire::GzipIndexes option is enabled, APT versions earlier than 1.0.9 do not validate checksums. This allows remote attackers to execute arbitrary code via a crafted package.
<* Source: vendor
*>
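The following added example (not APT's code and not part of the original advisory) shows the kind of check the description refers to: a gzip-compressed index is accepted only if its size and SHA256 match the entry listed in the repository's Release file. The path, package data and Release text are constructed, and the example assumes the Release text has already passed signature verification.

```python
import gzip
import hashlib

SAMPLE_PATH = "main/binary-amd64/Packages.gz"  # constructed path for the demo

def parse_release_sha256(release_text):
    """Return {path: (sha256_hex, size)} from the SHA256 section of a Release file."""
    entries, in_section = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            parts = line.split()
            if len(parts) == 3:
                entries[parts[2]] = (parts[0].lower(), int(parts[1]))
        else:
            in_section = False  # next field header ends the section
    return entries

def verify_index(release_text, path, data):
    """True only if data (bytes as downloaded, still compressed) matches Release."""
    entry = parse_release_sha256(release_text).get(path)
    if entry is None:
        return False  # index not listed in Release: reject it
    digest, size = entry
    return len(data) == size and hashlib.sha256(data).hexdigest() == digest

def build_sample():
    """Constructed Release text plus a matching and a modified Packages.gz."""
    good = gzip.compress(b"Package: demo\nVersion: 1.0\n")
    tampered = gzip.compress(b"Package: demo\nVersion: 9.9\n")
    release = (
        "Origin: example\n"
        "SHA256:\n"
        " %s %d %s\n"
        "Description: constructed sample\n"
    ) % (hashlib.sha256(good).hexdigest(), len(good), SAMPLE_PATH)
    return release, good, tampered

if __name__ == "__main__":
    release, good, tampered = build_sample()
    print("matching index accepted:", verify_index(release, SAMPLE_PATH, good))
    print("modified index accepted:", verify_index(release, SAMPLE_PATH, tampered))
```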
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Debian
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.debian.org/security/
http://www.debian.org/security/2014/dsa-3025