ppa.py in Software Properties prior to 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.
Vulnerable Product |
---|
canonical ubuntu linux 11.04 |
canonical software-properties |
canonical ubuntu linux 10.04 |
canonical ubuntu linux 10.10 |
canonical ubuntu linux 11.10 |