Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
simpestreams project simplestreams - |
||
canonical ubuntu linux 15.04 |
||
canonical ubuntu linux 14.04 |