First published: Wed Dec 09 2020
APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 and GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1.
Credit: security@ubuntu.com
Affected Software | Affected Version | How to fix |
---|---|---|
Debian Advanced Package Tool | >=1.2.32ubuntu0<1.2.32ubuntu0.2 | |
Canonical Ubuntu Linux | =16.04 | |
Debian Advanced Package Tool | >=1.6.12ubuntu0<1.6.12ubuntu0.2 | |
Canonical Ubuntu Linux | =18.04 | |
Debian Advanced Package Tool | >=2.0.2ubuntu0<2.0.2ubuntu0.2 | |
Canonical Ubuntu Linux | =20.04 | |
Debian Advanced Package Tool | >=2.1.10ubuntu0<2.1.10ubuntu0.2 | |
Canonical Ubuntu Linux | =20.10 | |
Debian Advanced Package Tool | <1.8.2.2 | |
Debian Debian Linux | =10.0 | |
Netapp Solidfire Baseboard Management Controller Firmware | ||
Netapp Solidfire Baseboard Management Controller | ||
debian/apt | 2.2.4 2.6.1 2.9.17 |
The vulnerability ID of this issue is CVE-2020-27350.
The severity of CVE-2020-27350 is medium, with a severity value of 5.7.
The software affected by CVE-2020-27350 is APT.
The remedy for CVE-2020-27350 is to update APT to version 1.2.32ubuntu0.2, 1.6.12ubuntu0.2, 2.0.2ubuntu0.2, or 2.1.10ubuntu0.2.
More information about CVE-2020-27350 can be found at the following references:

- [CVE-2020-27350 on Launchpad](https://bugs.launchpad.net/bugs/1899193)
- [Netapp Advisory NTAP-20210108-0005](https://security.netapp.com/advisory/ntap-20210108-0005/)
- [Ubuntu USN-4667-1](https://usn.ubuntu.com/usn/usn-4667-1)