What Are You Looking For?

Sign Up

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3025-1                   security@debian.org
https://www.debian.org/security/                      Salvatore Bonaccorso
September 16, 2014                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : apt
CVE ID         : CVE-2014-0487 CVE-2014-0488 CVE-2014-0489 CVE-2014-0490

It was discovered that APT, the high level package manager, does not
properly invalidate unauthenticated data (CVE-2014-0488), performs
incorrect verification of 304 replies (CVE-2014-0487), does not perform
the checksum check when the Acquire::GzipIndexes option is used
(CVE-2014-0489) and does not properly perform validation for binary
packages downloaded by the apt-get download command (CVE-2014-0490).

For the stable distribution (wheezy), these problems have been fixed in
version 0.9.7.9+deb7u3.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.9.

We recommend that you upgrade your apt packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Debian: DSA-3025-1: apt security update

September 16, 2014
It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data (CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2...

Summary

For the stable distribution (wheezy), these problems have been fixed in
version 0.9.7.9+deb7u3.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.9.

We recommend that you upgrade your apt packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Severity
It was discovered that APT, the high level package manager, does not
properly invalidate unauthenticated data (CVE-2014-0488), performs
incorrect verification of 304 replies (CVE-2014-0487), does not perform
the checksum check when the Acquire::GzipIndexes option is used
(CVE-2014-0489) and does not properly perform validation for binary
packages downloaded by the apt-get download command (CVE-2014-0490).

Related News

Threat Actors Use AWS SSM Agent as a Remote Access Trojan

Aug 3, 2023

Ubuntu Desktop "Charting A Course For The Future" With Ubuntu 24.04 LTS Next Year

Aug 27, 2023

Free Download Manager Backdoored to Serve Linux Malware for +3 Years

Sep 16, 2023

Ubuntu 23.10 Improving PPA Management For Enhanced Security & Reliability

May 23, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo