APT Storage Data Vulnerability (CVE-2014-0488)
Release date:
Updated on:
Affected Systems:
Debian apt <1.0.9
Debian apt
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2014-0488
Apt is the advanced frontend of the software package management tool dpkg.
From the unauthenticated status to the authenticated status transfer, versions earlier than APT 1.0.9 do not invalidate the stored data, which can cause remote attackers to pass the constructed software package and cause security impact.
<* Source: vendor
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Debian
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.debian.org/security/
Http://www.debian.org/security/2014/dsa-3025
Software Package tool software APT 1.0.5 released
This article permanently updates the link address: