Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 14.04 ESM: USN-4247-3 Moderate: python-apt Security Issues

ubuntu
Calendar Grey January 23, 2020
Dist Ubuntu Esm H88
Updates released addressing various vulnerabilities in python-apt for Ubuntu 12.04 and 14.04 ESM installations. Ensure your systems remain secure by applying these patches!
Several security issues were fixed in python-apt.

Summary

Several security issues were fixed in python-apt.

Software Description:

- python-apt: Python interface to libapt-pkg

Details:

USN-4247-1 fixed several vulnerabilities in python-apt. This update

provides the corresponding updates for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that python-apt would still use MD5 hashes to validate

certain downloaded packages. If a remote attacker were able to perform a

man-in-the-middle attack, this flaw could potentially be used to install

altered packages. (CVE-2019-15795)

It was discovered that python-apt could install packages from untrusted

repositories, contrary to expectations. (CVE-2019-15796)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  python-apt                      0.9.3.5ubuntu3+esm2
  python3-apt                     0.9.3.5ubuntu3+esm2

Ubuntu 12.04 ESM:
  python-apt                      0.8.3ubuntu7.5
  python3-apt                     0.8.3ubuntu7.5

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4247-3

https://ubuntu.com/security/notices/USN-4247-1

CVE-2019-15795, CVE-2019-15796

January 23, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here