First published: Sat Jun 21 2014(Updated: )
As noted in this report to oss-security [1], a flaw exists in the apt-cacher-ng server, and an inside attacker (on the LAN with knowledge of the server's address), could trick a user into visiting, or redirect them to, a manipulated URL that would cause the cross-site scripting attack. A proposed fix has been made [2]. [1] <a href="http://seclists.org/oss-sec/2014/q2/602">http://seclists.org/oss-sec/2014/q2/602</a> [2] <a href="http://anonscm.debian.org/gitweb/?p=apt-cacher-ng/apt-cacher-ng.git;a=commitdiff;h=6f08e6a3995d1bed4e837889a3945b6dc650f6ad">http://anonscm.debian.org/gitweb/?p=apt-cacher-ng/apt-cacher-ng.git;a=commitdiff;h=6f08e6a3995d1bed4e837889a3945b6dc650f6ad</a>
Credit: security@debian.org
Affected Software | Affected Version | How to fix |
---|---|---|
Debian Apt-cacher | =0.7.26 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.