Release date: 2012-10-01
Updated on:
Affected Systems:
Ubuntu Linux 12.x
Ubuntu Linux 11.x
Ubuntu Linux 10.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 55736
Cve id: CVE-2012-5356
Ubuntu Software Properties securely installs new Software to the Ubuntu Software library over the Internet.
The apt-add-repository tool of Ubuntu Software Properties does not correctly check the ppa gpa key exported by the key server. Man-in-the-middle attacks can be allowed to install the GPG key of any Software library.
<* Source: Marc Deslauriers (marc.deslauriers@canonical.com)
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Ubuntu
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.ubuntulinux.org/