MGASA-2014-0442 (mageia, Gentoo Foundation)
Nov 12, 2014 - 12:56 p.m.

Updated apt packages fix security vulnerability

advisories.mageia.org

CVSS2: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.005
Percentile: 76.4%

The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get. An attacker able to man-in-the-middle an HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the “http” apt method binary, or potentially to arbitrary code execution (CVE-2014-6273).

Also fixed is the parsing of Mageia package index “synthesis” files with lines longer than 64k characters. This is necessary for upgrading to the “cauldron” development distro that will become Mageia 5. Note, however, that upgrading from Mageia 3 to Mageia 5 will not be supported.

OS     | OS Version | Architecture | Package | Package Version       | Filename
Mageia | 3          | noarch       | apt     | < 0.5.15lorg3.94-9.2  | apt-0.5.15lorg3.94-9.2.mga3
Mageia | 4          | noarch       | apt     | < 0.5.15lorg3.94-11.2 | apt-0.5.15lorg3.94-11.2.mga4
