CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score Confidence: High
EPSS Percentile: 76.4%
Debian Security Advisory DSA-3031-1 [email protected]
http://www.debian.org/security/ Salvatore Bonaccorso
September 23, 2014 http://www.debian.org/security/faq
Package : apt
CVE ID : CVE-2014-6273
The Google Security Team discovered a buffer overflow vulnerability in
the HTTP transport code in apt-get. An attacker able to
man-in-the-middle an HTTP request to an apt repository can trigger the
buffer overflow, leading to a crash of the 'http' apt method binary, or
potentially to arbitrary code execution.

Two regression fixes were included in this update:

* Fix regression from the previous update in DSA-3025-1 when the custom
  apt configuration option for Dir::state::lists is set to a relative
  path (#762160).
* Fix regression in the reverification handling of cdrom: sources that
  may lead to incorrect hashsum warnings. Affected users need to run
  "apt-cdrom add" again after the update was applied.

For the stable distribution (wheezy), this problem has been fixed in
version 0.9.7.9+deb7u5.

We recommend that you upgrade your apt packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 7 | powerpc | libapt-pkg-dev | < 0.9.7.9+deb7u5 | libapt-pkg-dev_0.9.7.9+deb7u5_powerpc.deb |
Debian | 7 | kfreebsd-i386 | libapt-inst1.5 | < 0.9.7.9+deb7u5 | libapt-inst1.5_0.9.7.9+deb7u5_kfreebsd-i386.deb |
Debian | 7 | all | apt-doc | < 0.9.7.9+deb7u5 | apt-doc_0.9.7.9+deb7u5_all.deb |
Debian | 7 | mipsel | apt-utils | < 0.9.7.9+deb7u5 | apt-utils_0.9.7.9+deb7u5_mipsel.deb |
Debian | 6 | all | libapt-pkg-doc | < 0.8.10.3+squeeze5 | libapt-pkg-doc_0.8.10.3+squeeze5_all.deb |
Debian | 7 | mipsel | libapt-pkg-dev | < 0.9.7.9+deb7u5 | libapt-pkg-dev_0.9.7.9+deb7u5_mipsel.deb |
Debian | 7 | i386 | apt-transport-https | < 0.9.7.9+deb7u5 | apt-transport-https_0.9.7.9+deb7u5_i386.deb |
Debian | 7 | amd64 | apt | < 0.9.7.9+deb7u5 | apt_0.9.7.9+deb7u5_amd64.deb |
Debian | 7 | ia64 | apt-utils | < 0.9.7.9+deb7u5 | apt-utils_0.9.7.9+deb7u5_ia64.deb |
Debian | 7 | s390x | libapt-pkg-dev | < 0.9.7.9+deb7u5 | libapt-pkg-dev_0.9.7.9+deb7u5_s390x.deb |