Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Ubuntu: 3863-2 Critical: APT Man-In-The-Middle Package Installation

ubuntu
Calendar Grey January 22, 2019
Dist Ubuntu Esm H88
=========================================================================Ubuntu Security Notice USN-
An attacker could trick APT into installing altered packages.

Summary

An attacker could trick APT into installing altered packages.

Software Description:

- apt: Advanced front-end for dpkg

Details:

USN-3863-1 fixed a vulnerability in APT. This update provides

the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 Max Justicz discovered that APT incorrectly handled certain parameters

 during redirects. If a remote attacker were able to perform a

 man-in-the-middle attack, this flaw could potentially be used to

 install altered packages.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  apt                             0.8.16~exp12ubuntu10.28

In general, a standard system update will make all the necessary
changes.

References

  https://ubuntu.com/security/notices/USN-3863-2

  https://ubuntu.com/security/notices/USN-3863-1

  CVE-2019-3462

Severity
critical
Lowest
Low
Medium
High
Critical

January 22, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here