The apt package in Debian jessie prior to 1.0.9.8.4, in Debian unstable prior to 1.4~beta2, in Ubuntu 14.04 LTS prior to 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS prior to 1.2.15ubuntu0.2, and in Ubuntu 16.10 prior to 1.3.2ubuntu0.1 allows man-in-the-middle malicious users to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian advanced_package_tool |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 16.10 |