Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Ubuntu: 3863-2 Critical: APT Man-In-The-Middle Package Installation

Calendar Jan 22, 2019 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory Ubuntu man-in-the-middle package installation APT altered packages
An attacker could trick APT into installing altered packages. 
=========================================================================Ubuntu Security Notice USN-3863-2
January 22, 2019

apt vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

An attacker could trick APT into installing altered packages.

Software Description:
- apt: Advanced front-end for dpkg

Details:

USN-3863-1 fixed a vulnerability in APT. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 Max Justicz discovered that APT incorrectly handled certain parameters
 during redirects. If a remote attacker were able to perform a
 man-in-the-middle attack, this flaw could potentially be used to
 install altered packages.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  apt                             0.8.16~exp12ubuntu10.28

In general, a standard system update will make all the necessary
changes.

References:
  https://ubuntu.com/security/notices/USN-3863-2
  https://ubuntu.com/security/notices/USN-3863-1
  CVE-2019-3462

Ubuntu: 3863-2 Critical: APT Man-In-The-Middle Package Installation

ubuntu
Calendar Grey January 22, 2019
Dist Ubuntu Esm H88
Alert bulletin addresses a cybersecurity risk impacting Ubuntu 12.04 ESM, providing guidance on how to apply necessary patches.
An attacker could trick APT into installing altered packages.

Summary

Topics%20covered

Topics Covered

security advisory Ubuntu man-in-the-middle package installation APT altered packages

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM:   apt                             0.8.16~exp12ubuntu10.28 In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-3863-2

  https://ubuntu.com/security/notices/USN-3863-1

  CVE-2019-3462

Severity
critical
Lowest
Low
Medium
High
Critical

January 22, 2019

Topics%20covered

Topics Covered

security advisory Ubuntu man-in-the-middle package installation APT altered packages

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here