apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle malicious users to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian advanced package tool 0.8.16 |
||
debian apt 0.9.7 |
||
canonical ubuntu linux 11.10 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 12.10 |