Ubuntu Update For Apt USN-1215-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1215-1

Solution

Please Install the Updated Packages.

Insight

It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disabling the net-update option completely. A future update will re-enable the option with corrected verification.

Affected

apt on Ubuntu 11.04 , Ubuntu 10.10 , Ubuntu 10.04 LTS , Ubuntu 8.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001424.html

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for apturl USN-1132-1
Ubuntu Update for ffmpeg vulnerability USN-630-1
Ubuntu Update for clamav vulnerabilities USN-1031-1
Ubuntu Update for cupsys vulnerabilities USN-598-1
Ubuntu Update for CUPS update USN-1036-1

Ubuntu Update for apt USN-1215-1

Take action and discover your vulnerabilities