Description
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.
| Release | Status | Note |
|---|---|---|
| devel | released | 1.4~beta2 |
| esm-infra-legacy/trusty | released | 1.0.1ubuntu2.17 |
| esm-infra/xenial | released | 1.2.15ubuntu0.2 |
| precise | not-affected | InRelease file splitting code is not present |
| precise/esm | not-affected | InRelease file splitting code is not present |
| trusty | released | 1.0.1ubuntu2.17 |
| trusty/esm | released | 1.0.1ubuntu2.17 |
| upstream | needs-triage | |
| vivid/stable-phone-overlay | ignored | end of life |
| vivid/ubuntu-core | ignored | end of life |
CVSS2: 4.3 Medium
CVSS3: 5.9 Medium