Apt Security Restriction Bypass Vulnerability (CVE-2014-0487)
Release date:
Updated on:
Affected Systems:
Ubuntu apt
Description:
Bugtraq id: 69836
CVE (CAN) ID: CVE-2014-0487
The apt package is the advanced frontend of dpkg.
When APT does not comply with If-Modified-Since, the downloaded file is not verified again. Attackers can exploit this vulnerability to install malicious software packages on affected computers.
<* Source: vendor
*>
Suggestion:
Vendor patch:
Ubuntu
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://launchpad.net/ubuntu/+source/apt
Http://www.ubuntu.com/usn/usn-2348-1/
Https://launchpad.net/ubuntu/+source/apt/1.0.1ubuntu2.3
Https://launchpad.net/ubuntu/+source/apt/0.8.16 ~ Exp12ubuntu10.19
Https://launchpad.net/ubuntu/+source/apt/0.7.25.3ubuntu9.16
Https://wiki.ubuntu.com/Security/Upgrades
This article permanently updates the link address: