Lucene search
GoogleOSV:DSA-3025-1HistorySep 16, 2014 - 12:00 a.m.
apt - security update
2014-09-1600:00:00
Google
osv.dev
7
EPSS
0.027
Percentile
90.4%
It was discovered that APT, the high level package manager, does not
properly invalidate unauthenticated data
(
CVE-2014-0488), performs
incorrect verification of 304 replies
(
CVE-2014-0487), does not perform
the checksum check when the Acquire::GzipIndexes option is used
(
CVE-2014-0489) and does not properly perform validation for binary
packages downloaded by the apt-get download command
(
CVE-2014-0490).
For the stable distribution (wheezy), these problems have been fixed in
version 0.9.7.9+deb7u3.
For the unstable distribution (sid), these problems have been fixed in
version 1.0.9.
We recommend that you upgrade your apt packages.
References
Related
ubuntu
ubuntu
APT vulnerabilities
2014-09-16 00:00:00
debian
debian
[SECURITY] [DSA 3025-1] apt security update
2014-09-16 16:30:05
[SECURITY] [DSA 3025-1] apt security update
2014-09-16 16:30:05
[SECURITY] [DSA 3025-2] apt regression update
2014-09-18 20:30:42
nessus
nessus
Ubuntu 14.04 LTS : APT vulnerabilities (USN-2348-1)
2014-09-17 00:00:00
Debian DSA-3025-1 : apt - security update
2014-09-17 00:00:00
Debian DLA-53-1 : apt security update
2015-03-26 00:00:00
openvas
openvas
Debian Security Advisory DSA 3025-1 (apt - security update)
2014-09-16 00:00:00
Debian: Security Advisory (DSA-3025-1)
2014-09-15 00:00:00
Ubuntu: Security Advisory (USN-2348-1)
2014-09-17 00:00:00
securityvulns
securityvulns
[USN-2348-1] APT vulnerabilities
2014-09-21 00:00:00
apt multiple security vulnerabilities
2014-09-25 00:00:00
osv
osv
apt - security update
2014-09-03 00:00:00
debiancve
debiancve
cve
cve
prion
prion
Code injection
2014-11-03 22:55:00
Design/Logic Flaw
2014-11-03 22:55:00
Command injection
2014-11-03 22:55:00
ubuntucve
ubuntucve
nvd
nvd
cvelist
cvelist