Alerts This Week
Warning Icon 1 659
Alerts This Week
Warning Icon 1 659

Ubuntu 12.04 LTS: USN-1666-1 Critical Aptdaemon Flaw DoS

Calendar Dec 17, 2012 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical ubuntu package management man-in-the-middle aptdaemon GPG key exploit
Aptdaemon could be tricked into installing arbitrary PPA GPG keys. 
=========================================================================Ubuntu Security Notice USN-1666-1
December 17, 2012

aptdaemon vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10

Summary:

Aptdaemon could be tricked into installing arbitrary PPA GPG keys.

Software Description:
- aptdaemon: transaction based package management service

Details:

It was discovered that Aptdaemon incorrectly validated PPA GPG keys when
importing from a keyserver. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to install altered
package repository GPG keys.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  aptdaemon                       0.43+bzr805-0ubuntu7

Ubuntu 11.10:
  aptdaemon                       0.43+bzr697-0ubuntu1.3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1666-1
  CVE-2012-0962

Package Information:
  https://launchpad.net/ubuntu/+source/aptdaemon/0.43+bzr805-0ubuntu7
  https://launchpad.net/ubuntu/+source/aptdaemon/0.43+bzr697-0ubuntu1.3

Ubuntu 12.04 LTS: USN-1666-1 Critical Aptdaemon Flaw DoS

ubuntu
Calendar Grey December 17, 2012
Dist Ubuntu Esm H88
A vulnerability in Aptdaemon found in Ubuntu may enable the installation of any arbitrary PPA GPG keys, heightening security concerns.
Aptdaemon could be tricked into installing arbitrary PPA GPG keys.

Summary

Topics%20covered

Topics Covered

security advisory critical ubuntu package management man-in-the-middle aptdaemon GPG key exploit

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: aptdaemon 0.43+bzr805-0ubuntu7 Ubuntu 11.10: aptdaemon 0.43+bzr697-0ubuntu1.3 After a standard system update you need to reboot your computer to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-1666-1

CVE-2012-0962

Severity
critical
Lowest
Low
Medium
High
Critical

December 17, 2012

Topics%20covered

Topics Covered

security advisory critical ubuntu package management man-in-the-middle aptdaemon GPG key exploit

Package Information

https://launchpad.net/ubuntu/+source/aptdaemon/0.43+bzr805-0ubuntu7 https://launchpad.net/ubuntu/+source/aptdaemon/0.43+bzr697-0ubuntu1.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here