Several security issues were fixed in APT.
It was discovered that APT did not re-verify downloaded files when the If-Modified-Since wasn’t met. (CVE-2014-0487)
16 September 2014
A security issue affects these releases of Ubuntu and its derivatives:
Several security issues were fixed in APT.
It was discovered that APT did not re-verify downloaded files when the If-Modified-Since wasn’t met. (CVE-2014-0487)
It was discovered that APT did not invalidate repository data when it switched from an unauthenticated to an authenticated state. (CVE-2014-0488)
It was discovered that the APT Acquire::GzipIndexes option caused APT to skip checksum validation. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS, and was not enabled by default. (CVE-2014-0489)
It was discovered that APT did not correctly validate signatures when manually downloading packages using the download command. This issue only applied to Ubuntu 12.04 LTS. (CVE-2014-0490)
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
Vulmon