SECURITY

USN-3863-2: APT vulnerability apt vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary An attacker could trick APT into installing altered packages. Software Description apt – Advanced front-end for dpkg Details USN-3863-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Max Justicz discovered that APT incorrectly handled certain parameters during redirects. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM apt – 0.8.16~exp12ubuntu10.28 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-3863-1 CVE-2019-3462 Source: USN-3863-2: APT vulnerability

USN-3863-1: APT vulnerability apt vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary An attacker could trick APT into installing altered packages. Software Description apt – Advanced front-end for dpkg Details Max Justicz discovered that APT incorrectly handled certain parameters during redirects. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 apt – 1.7.0ubuntu0.1 Ubuntu 18.04 LTS apt – 1.6.6ubuntu0.1 Ubuntu 16.04 LTS apt – 1.2.29ubuntu0.1 Ubuntu 14.04 LTS apt – 1.0.1ubuntu2.19 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-3462 [ more… ]