Описание
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 0.86ubuntu1 |
| esm-infra-legacy/trusty | released | 0.82.1ubuntu2.3 |
| precise | released | 0.76ubuntu1.1 |
| trusty | released | 0.82.1ubuntu2.3 |
| trusty/esm | released | 0.82.1ubuntu2.3 |
| upstream | needs-triage | |
| utopic | released | 0.82.8ubuntu0.3 |
| vivid | released | 0.83.6ubuntu1 |
| vivid/stable-phone-overlay | released | 0.83.6ubuntu1 |
| vivid/ubuntu-core | DNE |
Показывать по
6.8 Medium
CVSS2
Связанные уязвимости
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors.
unattended-upgrades before 0.86.1 does not properly authenticate packa ...
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors.
Уязвимость операционной системы Ubuntu, позволяющая нарушителю загрузить и выполнить произвольные установочные пакеты
6.8 Medium
CVSS2