Ubuntu Update For Apt USN-1475-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1475-1

Solution

Please Install the Updated Packages.

Insight

Georgi Guninski discovered that APT relied on GnuPG argument order and did not check GPG subkeys when validating imported keyrings via apt-key net-update. While it appears that a man-in-the-middle attacker cannot exploit this, as a hardening measure this update adjusts apt-key to validate all subkeys when checking for key collisions.

Affected

apt on Ubuntu 12.04 LTS , Ubuntu 11.10 , Ubuntu 11.04 , Ubuntu 10.04 LTS , Ubuntu 8.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-June/001721.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0954, CVE-2012-3587

CVSS	Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Ubuntu Update for libssh USN-2145-1
Ubuntu Update for cups USN-2293-1
Ubuntu Update for linux USN-1341-1
Ubuntu Update for kdelibs vulnerability USN-420-1
Ubuntu Update for puppet USN-1238-2

Ubuntu Update for apt USN-1475-1

Take action and discover your vulnerabilities