Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Ubuntu 19.10: USN-4247-1 Moderate: Python-Apt Security Issues

ubuntu
Calendar Grey January 22, 2020
Dist Ubuntu Esm H88
Ubuntu's python3-apt encountered vulnerabilities addressed in USN-4247-2 announcement. Implement recommended patches.
Several security issues were fixed in python-apt.

Summary

Several security issues were fixed in python-apt.

Software Description:

- python-apt: Python interface to libapt-pkg

Details:

It was discovered that python-apt would still use MD5 hashes to validate

certain downloaded packages. If a remote attacker were able to perform a

man-in-the-middle attack, this flaw could potentially be used to install

altered packages. (CVE-2019-15795)

It was discovered that python-apt could install packages from untrusted

repositories, contrary to expectations. (CVE-2019-15796)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  python-apt                      1.9.0ubuntu1.2
  python3-apt                     1.9.0ubuntu1.2

Ubuntu 19.04:
  python-apt                      1.8.5~ubuntu0.2
  python3-apt                     1.8.5~ubuntu0.2

Ubuntu 18.04 LTS:
  python-apt                      1.6.5ubuntu0.1
  python3-apt                     1.6.5ubuntu0.1

Ubuntu 16.04 LTS:
  python-apt                      1.1.0~beta1ubuntu0.16.04.7
  python3-apt                     1.1.0~beta1ubuntu0.16.04.7

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4247-1

CVE-2019-15795, CVE-2019-15796

January 22, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here