Summary
Jakub Wilk discovered that APT, the high level package manager, did not properly perform authentication checks for source packages downloaded via 'apt-get source'. This only affects use cases where source packages are downloaded via this command
it does not
affect regular Debian package installation and upgrading.
Solution
For the stable distribution (wheezy), this problem has been fixed in version 0.9.7.9+deb7u2.
For the unstable distribution (sid), this problem has been fixed in version 1.0.4.
We recommend that you upgrade your apt packages.
Insight
This package provides commandline tools for searching and managing as well as querying information about packages as a low-level access to all features of the libapt-pkg library.
Affected
apt on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-0478 -
CVSS Base Score: 4.0
AV:N/AC:H/Au:N/C:N/I:P/A:P
Related Vulnerabilities