Описание
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 0.6.43.3ubuntu3.1 |
| devel | released | 0.7.20.2ubuntu6 |
| hardy | released | 0.7.9ubuntu17.2 |
| intrepid | released | 0.7.14ubuntu6.1 |
| upstream | released | 0.7.21 |
Показывать по
EPSS
10 Critical
CVSS2
Связанные уязвимости
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.
apt-get in apt before 0.7.21 does not check for the correct error code ...
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS
10 Critical
CVSS2