What is the severity of CVE-2019-15796?

CVE-2019-15796 is rated as a high severity vulnerability due to its potential to allow downloads from unsigned repositories.

How do I fix CVE-2019-15796?

To fix CVE-2019-15796, upgrade python-apt to version 1.9.5 or later.

Which versions of python-apt are affected by CVE-2019-15796?

Versions of python-apt prior to 1.9.5 are affected by CVE-2019-15796.

What types of systems are vulnerable to CVE-2019-15796?

CVE-2019-15796 affects systems running Ubuntu versions that include python-apt 1.9.3ubuntu2 and earlier.

What are the consequences of CVE-2019-15796?

The consequences of CVE-2019-15796 include the risk of installing packages from potentially untrusted sources.

Vulnerability/
CVE-2019-15796

medium

4.7

CWE

347 287

26/3/2020

24/5/2022

21/11/2024

CVE-2019-15796: python-apt downloads from untrusted sources

First published: Thu Mar 26 2020(Updated: )

Last updated 24 July 2024

Credit: security@ubuntu.com

Affected Software	Affected Version	How to fix
pip/python-apt	>=1.9.1<1.9.5	1.9.5
pip/python-apt	>=1.7.0<1.9.0ubuntu1.2	1.9.0ubuntu1.2
pip/python-apt	>=1.2.0<1.6.5ubuntu0.1	1.6.5ubuntu0.1
pip/python-apt	>=0.9.0<0.9.3.5ubuntu3	0.9.3.5ubuntu3
pip/python-apt	<0.8.3ubuntu7.5	0.8.3ubuntu7.5
debian/python-apt		2.2.1 2.6.0 2.9.8
All of
Any of
python3-apt	=0.8.0-ubuntu9
python3-apt	=0.8.1-ubuntu1
python3-apt	=0.8.3-ubuntu1
python3-apt	=0.8.3-ubuntu2
python3-apt	=0.8.3-ubuntu3
python3-apt	=0.8.3-ubuntu4
python3-apt	=0.8.3-ubuntu5
python3-apt	=0.8.3-ubuntu6
python3-apt	=0.8.3-ubuntu7
python3-apt	=0.8.3-ubuntu7.1
python3-apt	=0.8.3-ubuntu7.2
python3-apt	=0.8.3-ubuntu7.3
Ubuntu Linux	=12.04
All of
Any of
python3-apt	=0.8.9.1
python3-apt	=0.8.9.1-ubuntu1
python3-apt	=0.9.0
python3-apt	=0.9.1
python3-apt	=0.9.1-build1
python3-apt	=0.9.1-build2
python3-apt	=0.9.1-ubuntu1
python3-apt	=0.9.3.1
python3-apt	=0.9.3.2
python3-apt	=0.9.3.2-ubuntu1
python3-apt	=0.9.3.2-ubuntu2
python3-apt	=0.9.3.3
python3-apt	=0.9.3.3-ubuntu1
python3-apt	=0.9.3.4
python3-apt	=0.9.3.4-build1
python3-apt	=0.9.3.5
python3-apt	=0.9.3.5-ubuntu1
python3-apt	=0.9.3.5-ubuntu2
python3-apt	=0.9.3.5-ubuntu3
Ubuntu Linux	=14.04
All of
Any of
python3-apt	=1.0.1-build1
python3-apt	=1.0.1-ubuntu1
python3-apt	=1.0.1-ubuntu2
python3-apt	=1.1.0-beta1
python3-apt	=1.1.0-beta1build1
python3-apt	=1.1.0-beta1ubuntu0.16.04.1
python3-apt	=1.1.0-beta1ubuntu0.16.04.2
python3-apt	=1.1.0-beta1ubuntu0.16.04.3
python3-apt	=1.1.0-beta1ubuntu0.16.04.4
python3-apt	=1.1.0-beta1ubuntu0.16.04.5
Ubuntu Linux	=16.04
All of
Any of
python-apt-common	=1.8.4
python3-apt	=1.4.0
python3-apt	=1.4.0-beta3build2
python3-apt	=1.4.0-beta3ubuntu1
python3-apt	=1.6.0
python3-apt	=1.6.0-rc1
python3-apt	=1.6.0-rc2ubuntu1
python3-apt	=1.6.0-rc2ubuntu2
python3-apt	=1.6.0-rc3
python3-apt	=1.6.1
python3-apt	=1.6.2
python3-apt	=1.6.3
python3-apt	=1.6.3-ubuntu1
python3-apt	=1.6.4
python3-apt	=1.8.4
Ubuntu Linux	=18.04
All of
Any of
python3-apt	=1.8.4
python3-apt	=1.9.0-alpha0\~ubuntu1
python3-apt	=1.9.0-alpha0\~ubuntu2
python3-apt	=1.9.0-ubuntu1
Ubuntu Linux	=19.10
All of
Any of
python3-apt	=1.7.0
python3-apt	=1.8.0
python3-apt	=1.8.0-alpha0\~ubuntu1
python3-apt	=1.8.0-alpha0\~ubuntu2
python3-apt	=1.8.1
python3-apt	=1.8.2
python3-apt	=1.8.3
python3-apt	=1.8.4
Ubuntu Linux	=19.04
python3-apt	=0.8.0-ubuntu9
python3-apt	=0.8.1-ubuntu1
python3-apt	=0.8.3-ubuntu1
python3-apt	=0.8.3-ubuntu2
python3-apt	=0.8.3-ubuntu3
python3-apt	=0.8.3-ubuntu4
python3-apt	=0.8.3-ubuntu5
python3-apt	=0.8.3-ubuntu6
python3-apt	=0.8.3-ubuntu7
python3-apt	=0.8.3-ubuntu7.1
python3-apt	=0.8.3-ubuntu7.2
python3-apt	=0.8.3-ubuntu7.3
Ubuntu	=12.04
python3-apt	=0.8.9.1
python3-apt	=0.8.9.1-ubuntu1
python3-apt	=0.9.0
python3-apt	=0.9.1
python3-apt	=0.9.1-build1
python3-apt	=0.9.1-build2
python3-apt	=0.9.1-ubuntu1
python3-apt	=0.9.3.1
python3-apt	=0.9.3.2
python3-apt	=0.9.3.2-ubuntu1
python3-apt	=0.9.3.2-ubuntu2
python3-apt	=0.9.3.3
python3-apt	=0.9.3.3-ubuntu1
python3-apt	=0.9.3.4
python3-apt	=0.9.3.4-build1
python3-apt	=0.9.3.5
python3-apt	=0.9.3.5-ubuntu1
python3-apt	=0.9.3.5-ubuntu2
python3-apt	=0.9.3.5-ubuntu3
Ubuntu	=14.04
python3-apt	=1.0.1-build1
python3-apt	=1.0.1-ubuntu1
python3-apt	=1.0.1-ubuntu2
python3-apt	=1.1.0-beta1
python3-apt	=1.1.0-beta1build1
python3-apt	=1.1.0-beta1ubuntu0.16.04.1
python3-apt	=1.1.0-beta1ubuntu0.16.04.2
python3-apt	=1.1.0-beta1ubuntu0.16.04.3
python3-apt	=1.1.0-beta1ubuntu0.16.04.4
python3-apt	=1.1.0-beta1ubuntu0.16.04.5
Ubuntu	=16.04
python-apt	=1.8.4
python3-apt	=1.4.0
python3-apt	=1.4.0-beta3build2
python3-apt	=1.4.0-beta3ubuntu1
python3-apt	=1.6.0
python3-apt	=1.6.0-rc1
python3-apt	=1.6.0-rc2ubuntu1
python3-apt	=1.6.0-rc2ubuntu2
python3-apt	=1.6.0-rc3
python3-apt	=1.6.1
python3-apt	=1.6.2
python3-apt	=1.6.3
python3-apt	=1.6.3-ubuntu1
python3-apt	=1.6.4
python3-apt	=1.8.4
Ubuntu	=18.04
python3-apt	=1.9.0-alpha0\~ubuntu1
python3-apt	=1.9.0-alpha0\~ubuntu2
python3-apt	=1.9.0-ubuntu1
Ubuntu	=19.10
python3-apt	=1.7.0
python3-apt	=1.8.0
python3-apt	=1.8.0-alpha0\~ubuntu1
python3-apt	=1.8.0-alpha0\~ubuntu2
python3-apt	=1.8.1
python3-apt	=1.8.2
python3-apt	=1.8.3
Ubuntu	=19.04

Remedy

https://usn.ubuntu.com/4247-1/

Remedy

https://usn.ubuntu.com/4247-3/

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-15796?
CVE-2019-15796 is rated as a high severity vulnerability due to its potential to allow downloads from unsigned repositories.
How do I fix CVE-2019-15796?
To fix CVE-2019-15796, upgrade python-apt to version 1.9.5 or later.
Which versions of python-apt are affected by CVE-2019-15796?
Versions of python-apt prior to 1.9.5 are affected by CVE-2019-15796.
What types of systems are vulnerable to CVE-2019-15796?
CVE-2019-15796 affects systems running Ubuntu versions that include python-apt 1.9.3ubuntu2 and earlier.
What are the consequences of CVE-2019-15796?
The consequences of CVE-2019-15796 include the risk of installing packages from potentially untrusted sources.

collector/github-advisory-latest
alias/GHSA-pj65-3pf6-c5q4
alias/CVE-2019-15796
collector/github-advisory
agent/type
agent/remedy
collector/launchpad-cve
source/Launchpad
agent/weakness
agent/severity
agent/title
collector/usn-cve
source/Ubuntu
agent/references
agent/description
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/author
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-index
package-manager/pip
package-manager/debian
vendor/ubuntu
canonical/python3-apt
version/python3-apt/0.8.0-ubuntu9
version/python3-apt/0.8.1-ubuntu1
version/python3-apt/0.8.3-ubuntu1
version/python3-apt/0.8.3-ubuntu2
version/python3-apt/0.8.3-ubuntu3
version/python3-apt/0.8.3-ubuntu4
version/python3-apt/0.8.3-ubuntu5
version/python3-apt/0.8.3-ubuntu6
version/python3-apt/0.8.3-ubuntu7
version/python3-apt/0.8.3-ubuntu7.1
version/python3-apt/0.8.3-ubuntu7.2
version/python3-apt/0.8.3-ubuntu7.3
vendor/canonical
canonical/ubuntu linux
version/ubuntu linux/12.04
version/python3-apt/0.8.9.1
version/python3-apt/0.8.9.1-ubuntu1
version/python3-apt/0.9.0
version/python3-apt/0.9.1
version/python3-apt/0.9.1-build1
version/python3-apt/0.9.1-build2
version/python3-apt/0.9.1-ubuntu1
version/python3-apt/0.9.3.1
version/python3-apt/0.9.3.2
version/python3-apt/0.9.3.2-ubuntu1
version/python3-apt/0.9.3.2-ubuntu2
version/python3-apt/0.9.3.3
version/python3-apt/0.9.3.3-ubuntu1
version/python3-apt/0.9.3.4
version/python3-apt/0.9.3.4-build1
version/python3-apt/0.9.3.5
version/python3-apt/0.9.3.5-ubuntu1
version/python3-apt/0.9.3.5-ubuntu2
version/python3-apt/0.9.3.5-ubuntu3
version/ubuntu linux/14.04
version/python3-apt/1.0.1-build1
version/python3-apt/1.0.1-ubuntu1
version/python3-apt/1.0.1-ubuntu2
version/python3-apt/1.1.0-beta1
version/python3-apt/1.1.0-beta1build1
version/python3-apt/1.1.0-beta1ubuntu0.16.04.1
version/python3-apt/1.1.0-beta1ubuntu0.16.04.2
version/python3-apt/1.1.0-beta1ubuntu0.16.04.3
version/python3-apt/1.1.0-beta1ubuntu0.16.04.4
version/python3-apt/1.1.0-beta1ubuntu0.16.04.5
version/ubuntu linux/16.04
vendor/debian
canonical/python-apt-common
version/python-apt-common/1.8.4
version/python3-apt/1.4.0
version/python3-apt/1.4.0-beta3build2
version/python3-apt/1.4.0-beta3ubuntu1
version/python3-apt/1.6.0
version/python3-apt/1.6.0-rc1
version/python3-apt/1.6.0-rc2ubuntu1
version/python3-apt/1.6.0-rc2ubuntu2
version/python3-apt/1.6.0-rc3
version/python3-apt/1.6.1
version/python3-apt/1.6.2
version/python3-apt/1.6.3
version/python3-apt/1.6.3-ubuntu1
version/python3-apt/1.6.4
version/python3-apt/1.8.4
version/ubuntu linux/18.04
version/python3-apt/1.9.0-alpha0\~ubuntu1
version/python3-apt/1.9.0-alpha0\~ubuntu2
version/python3-apt/1.9.0-ubuntu1
version/ubuntu linux/19.10
version/python3-apt/1.7.0
version/python3-apt/1.8.0
version/python3-apt/1.8.0-alpha0\~ubuntu1
version/python3-apt/1.8.0-alpha0\~ubuntu2
version/python3-apt/1.8.1
version/python3-apt/1.8.2
version/python3-apt/1.8.3
version/ubuntu linux/19.04
canonical/ubuntu
version/ubuntu/12.04
version/ubuntu/14.04
version/ubuntu/16.04
canonical/python-apt
version/python-apt/1.8.4
version/ubuntu/18.04
version/ubuntu/19.10
version/ubuntu/19.04

CVE-2019-15796: python-apt downloads from untrusted sources

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-15796?

How do I fix CVE-2019-15796?

Which versions of python-apt are affected by CVE-2019-15796?

What types of systems are vulnerable to CVE-2019-15796?

What are the consequences of CVE-2019-15796?

Company

Resources

Contact