Please Install the Updated Packages.
It was discovered that APT did not re-verify downloaded files when the If-Modified-Since wasn't met. (CVE-2014-0487) It was discovered that APT did not invalidate repository data when it switched from an unauthenticated to an authenticated state. (CVE-2014-0488) It was discovered that the APT Acquire::GzipIndexes option caused APT to skip checksum validation. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS, and was not enabled by default. (CVE-2014-0489) It was discovered that APT did not correctly validate signatures when downloading source packages using the download command. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-0490)
apt on Ubuntu 14.04 LTS , Ubuntu 12.04 LTS , Ubuntu 10.04 LTS
Updated on 2015-03-25
CVE CVE-2014-0487, CVE-2014-0488, CVE-2014-0489, CVE-2014-0490
CVSS Base Score: 7.5