API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Dec 13th, 2016
278
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.31 KB | None | 0 0
raw download clone embed print report
  1. -----BEGIN PGP SIGNED MESSAGE-----
  2. Hash: SHA512
  3.  
  4. - -------------------------------------------------------------------------
  5. Debian Security Advisory DSA-3733-1 security@debian.org
  6. https://www.debian.org/security/ Salvatore Bonaccorso
  7. December 13, 2016 https://www.debian.org/security/faq
  8. - -------------------------------------------------------------------------
  9.  
  10. Package : apt
  11. CVE ID : CVE-2016-1252
  12.  
  13. Jann Horn of Google Project Zero discovered that APT, the high level
  14. package manager, does not properly handle errors when validating
  15. signatures on InRelease files. An attacker able to man-in-the-middle
  16. HTTP requests to an apt repository that uses InRelease files
  17. (clearsigned Release files), can take advantage of this flaw to
  18. circumvent the signature of the InRelease file, leading to arbitrary
  19. code execution.
  20.  
  21. For the stable distribution (jessie), this problem has been fixed in
  22. version 1.0.9.8.4.
  23.  
  24. For the unstable distribution (sid), this problem has been fixed in
  25. version 1.4~beta2.
  26.  
  27. We recommend that you upgrade your apt packages.
  28.  
  29. Further information about Debian Security Advisories, how to apply
  30. these updates to your system and frequently asked questions can be
  31. found at: https://www.debian.org/security/
  32.  
  33. Mailing list: debian-security-announce@lists.debian.org
  34. -----BEGIN PGP SIGNATURE-----
  35.  
  36. iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlhQK1xfFIAAAAAALgAo
  37. aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
  38. NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
  39. z0T+hA//QT02I4I5jEGVTY9q5+e5Ydq3Pf2bZO8LqJGZer5d060DHv09YVAcuOEA
  40. CCGstPw5MFFd0VHxmTiJKfcl9YbsEztmb/HV5rOYFay2j64PSVjCRml7lnnW0gpJ
  41. yITTFBYJzyiTBlFOfCRhI6OpoMJI9Lb9y9M2VgRBB6IiyNnYsQ8XFKur8jurI1MQ
  42. NoWTkEA7BGDOaGXnCJp8QtXAHx1Ki8hPGxx22hIt0z2rQ4K7UH7bHH6igiZrmcp8
  43. 9QtdbWMjrB11viSVB29rIVCL3X3UNIZllOmbHrTtfwUNWNnhWOA+WJuqgsRnu3J6
  44. 8/C5GIyd6DVnoti0hxIKzZgZ8N3hNQ/KF0cxckzBliAdRaChvV/lcwMcM0567Rwq
  45. rVqPJHD7WDM/cEOcZDIq6t1wJt7IcPoOhmBLsWQn3qoSi+fiGYcYkeys8DdMOQWN
  46. Ue7RZTnyMHe2DSW4lh0M6yCAnJ4XGgNPdGWBmfiVCzP7xs9+KyvKGWBbQTWo0SzI
  47. FD+/HQRIuLozIe/29hnuzl//ZJqBcmbOixrprcV58KiYMjUr/zsKGJnpoMbeBE8y
  48. kVyUmgRvMzzOqix7bYcn6FcY7hE+n5cD7ldU0DLCFhHaA8O6DJFu+HbVeNoQUp1C
  49. cMxdGcTGKUZcTfaOb40RNKym2I6cJbu9+QPVYcp0TXEzlsqtzE0=
  50. =/Cjp
  51. -----END PGP SIGNATURE-----
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!