Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- -----BEGIN PGP SIGNED MESSAGE-----
- Hash: SHA512
- - -------------------------------------------------------------------------
- Debian Security Advisory DSA-3733-1 security@debian.org
- https://www.debian.org/security/ Salvatore Bonaccorso
- December 13, 2016 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
- Package : apt
- CVE ID : CVE-2016-1252
- Jann Horn of Google Project Zero discovered that APT, the high level
- package manager, does not properly handle errors when validating
- signatures on InRelease files. An attacker able to man-in-the-middle
- HTTP requests to an apt repository that uses InRelease files
- (clearsigned Release files), can take advantage of this flaw to
- circumvent the signature of the InRelease file, leading to arbitrary
- code execution.
- For the stable distribution (jessie), this problem has been fixed in
- version 1.0.9.8.4.
- For the unstable distribution (sid), this problem has been fixed in
- version 1.4~beta2.
- We recommend that you upgrade your apt packages.
- Further information about Debian Security Advisories, how to apply
- these updates to your system and frequently asked questions can be
- found at: https://www.debian.org/security/
- Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlhQK1xfFIAAAAAALgAo
- aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
- NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
- z0T+hA//QT02I4I5jEGVTY9q5+e5Ydq3Pf2bZO8LqJGZer5d060DHv09YVAcuOEA
- CCGstPw5MFFd0VHxmTiJKfcl9YbsEztmb/HV5rOYFay2j64PSVjCRml7lnnW0gpJ
- yITTFBYJzyiTBlFOfCRhI6OpoMJI9Lb9y9M2VgRBB6IiyNnYsQ8XFKur8jurI1MQ
- NoWTkEA7BGDOaGXnCJp8QtXAHx1Ki8hPGxx22hIt0z2rQ4K7UH7bHH6igiZrmcp8
- 9QtdbWMjrB11viSVB29rIVCL3X3UNIZllOmbHrTtfwUNWNnhWOA+WJuqgsRnu3J6
- 8/C5GIyd6DVnoti0hxIKzZgZ8N3hNQ/KF0cxckzBliAdRaChvV/lcwMcM0567Rwq
- rVqPJHD7WDM/cEOcZDIq6t1wJt7IcPoOhmBLsWQn3qoSi+fiGYcYkeys8DdMOQWN
- Ue7RZTnyMHe2DSW4lh0M6yCAnJ4XGgNPdGWBmfiVCzP7xs9+KyvKGWBbQTWo0SzI
- FD+/HQRIuLozIe/29hnuzl//ZJqBcmbOixrprcV58KiYMjUr/zsKGJnpoMbeBE8y
- kVyUmgRvMzzOqix7bYcn6FcY7hE+n5cD7ldU0DLCFhHaA8O6DJFu+HbVeNoQUp1C
- cMxdGcTGKUZcTfaOb40RNKym2I6cJbu9+QPVYcp0TXEzlsqtzE0=
- =/Cjp
- -----END PGP SIGNATURE-----
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement