4.3

CVE-2011-1829

APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianAdvanced Package Tool Version < 0.8.15.2
CanonicalUbuntu Linux Version11.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.69% 0.74
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://launchpadlibrarian.net/75126628/apt_0.8.13.2ubuntu2_0.8.13.2ubuntu4.1.diff.gz
Patch
Third Party Advisory
http://packages.debian.org/changelogs/pool/main/a/apt/current/changelog
Vendor Advisory
Release Notes
http://www.securityfocus.com/bid/48671
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1169-1
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/68560
Third Party Advisory
VDB Entry
https://launchpad.net/bugs/784473
Third Party Advisory
https://launchpad.net/ubuntu/+archive/primary/+sourcepub/1817196/+listing-archive-extra
Patch