First published: Tue Jan 22 2019(Updated: )
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
Credit: security@debian.org security@debian.org security@debian.org
Affected Software | Affected Version | How to fix |
---|---|---|
Debian Advanced Package Tool | <1.2.30 | |
Debian Advanced Package Tool | >=1.3<=1.4.8 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Netapp Active Iq | ||
Netapp Element Software | ||
debian/apt | 2.2.4 2.6.1 2.9.16 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-3462 is a vulnerability in the HTTP transport method of apt versions 1.4.8 and earlier, which allows a MITM attacker to inject content and potentially execute remote code on the target machine.
CVE-2019-3462 affects APT versions 1.4.8 and earlier in Debian, potentially leading to content injection and remote code execution.
CVE-2019-3462 affects Ubuntu Linux versions 12.04, 14.04, 16.04, 18.04, and 18.10.
CVE-2019-3462 has a severity rating of 8.1 (critical).
You can find more information about CVE-2019-3462 at the following references: [Link 1](https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1812353), [Link 2](https://justi.cz/security/2019/01/22/apt-rce.html), [Link 3](https://security-tracker.debian.org/tracker/CVE-2019-3462)