First published: Fri Feb 28 2014
methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Canonical Ubuntu Linux | =10.10 | |
Canonical Ubuntu Linux | =8.04 | |
Canonical Ubuntu Linux | =11.04 | |
Canonical Ubuntu Linux | =10.04 | |
Debian Advanced Package Tool | =0.8.0-pre1 | |
Debian Advanced Package Tool | =0.8.0 | |
Debian Advanced Package Tool | =0.8.0-pre2 | |
Debian Advanced Package Tool | =0.8.1 | |
Debian Advanced Package Tool | =0.8.10 | |
Debian Advanced Package Tool | =0.8.10.1 | |
Debian Advanced Package Tool | =0.8.10.2 | |
Debian Advanced Package Tool | <=0.8.10.3 | |
debian/apt | 2.2.4 2.6.1 2.9.7 |