CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score: 9.7 High (Confidence: High)
EPSS: 0.005 Low (Percentile: 76.4%)
Package : apt
Version : 0.8.10.3+squeeze5
CVE ID : CVE-2014-6273
The Google Security Team discovered a buffer overflow vulnerability in
the HTTP transport code in apt-get. An attacker able to
man-in-the-middle an HTTP request to an apt repository can trigger the
buffer overflow, leading to a crash of the 'http' apt method binary, or
potentially to arbitrary code execution.
The following regression fixes were included in this update:
* Fix regression from the previous update in DLA-53-1 when the custom
  apt configuration option for Dir::state::lists is set to a relative
  path (#762160).
* Fix regression in the reverification handling of cdrom: sources that
  may lead to incorrect hashsum warnings. Affected users need to run
  "apt-cdrom add" again after the update was applied.
* Fix regression from the previous update in DLA-53-1 when file:///
  sources are used and those are on a different partition than the apt
  state directory.
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 7 | sparc | libapt-pkg4.12 | < 0.9.7.9+deb7u5 | libapt-pkg4.12_0.9.7.9+deb7u5_sparc.deb |
Debian | 7 | kfreebsd-amd64 | apt-utils | < 0.9.7.9+deb7u5 | apt-utils_0.9.7.9+deb7u5_kfreebsd-amd64.deb |
Debian | 7 | mips | apt-utils | < 0.9.7.9+deb7u5 | apt-utils_0.9.7.9+deb7u5_mips.deb |
Debian | 7 | mipsel | apt-transport-https | < 0.9.7.9+deb7u5 | apt-transport-https_0.9.7.9+deb7u5_mipsel.deb |
Debian | 7 | sparc | apt-utils | < 0.9.7.9+deb7u5 | apt-utils_0.9.7.9+deb7u5_sparc.deb |
Debian | 7 | mips | apt-transport-https | < 0.9.7.9+deb7u5 | apt-transport-https_0.9.7.9+deb7u5_mips.deb |
Debian | 6 | amd64 | apt | < 0.8.10.3+squeeze5 | apt_0.8.10.3+squeeze5_amd64.deb |
Debian | 7 | mips | libapt-pkg-dev | < 0.9.7.9+deb7u5 | libapt-pkg-dev_0.9.7.9+deb7u5_mips.deb |
Debian | 7 | kfreebsd-amd64 | apt | < 0.9.7.9+deb7u5 | apt_0.9.7.9+deb7u5_kfreebsd-amd64.deb |
Debian | 6 | i386 | libapt-pkg-dev | < 0.8.10.3+squeeze5 | libapt-pkg-dev_0.8.10.3+squeeze5_i386.deb |