Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Ubuntu 16.10, 16.04 LTS, 14.04 LTS: USN-3156-1 Critical APT Threat

Calendar Dec 13, 2016 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical Ubuntu man-in-the-middle APT
An attacker could trick APT into installing altered packages. 
=========================================================================Ubuntu Security Notice USN-3156-1
December 13, 2016

apt vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

An attacker could trick APT into installing altered packages.

Software Description:
- apt: Advanced front-end for dpkg

Details:

Jann Horn discovered that APT incorrectly handled InRelease files.
If a remote attacker were able to perform a man-in-the-middle attack, this
flaw could potentially be used to install altered packages.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  apt                             1.3.2ubuntu0.1

Ubuntu 16.04 LTS:
  apt                             1.2.15ubuntu0.2

Ubuntu 14.04 LTS:
  apt                             1.0.1ubuntu2.17

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3156-1
  CVE-2016-1252

Package Information:
  https://launchpad.net/ubuntu/+source/apt/1.3.2ubuntu0.1
  https://launchpad.net/ubuntu/+source/apt/1.2.15ubuntu0.2
  https://launchpad.net/ubuntu/+source/apt/1.0.1ubuntu2.17

Ubuntu 16.10, 16.04 LTS, 14.04 LTS: USN-3156-1 Critical APT Threat

ubuntu
Calendar Grey December 13, 2016
Dist Ubuntu Esm H88
A vulnerability in Ubuntu's APT system has been found, allowing potential installation of altered packages. Users should apply updates promptly to protect their systems
An attacker could trick APT into installing altered packages.

Summary

Topics%20covered

Topics Covered

security advisory critical Ubuntu man-in-the-middle APT

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: apt 1.3.2ubuntu0.1 Ubuntu 16.04 LTS: apt 1.2.15ubuntu0.2 Ubuntu 14.04 LTS: apt 1.0.1ubuntu2.17 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3156-1

CVE-2016-1252

Severity
critical
Lowest
Low
Medium
High
Critical

December 13, 2016

Topics%20covered

Topics Covered

security advisory critical Ubuntu man-in-the-middle APT

Package Information

https://launchpad.net/ubuntu/+source/apt/1.3.2ubuntu0.1 https://launchpad.net/ubuntu/+source/apt/1.2.15ubuntu0.2 https://launchpad.net/ubuntu/+source/apt/1.0.1ubuntu2.17

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here