APT prior to 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote malicious users to execute arbitrary code via a crafted package.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian advanced package tool 1.0.5 |
||
debian advanced package tool 1.0.3 |
||
debian advanced package tool 1.0.7 |