Solution
Please Install the Updated Packages.
Insight
Ansgar Burchardt discovered that APT incorrectly handled repositories that use InRelease files. The default Ubuntu repositories do not use InRelease files, so this issue only affected third-party repositories. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.
This update corrects the issue by disabling InRelease file support completely.
Affected
apt on Ubuntu 12.10 ,
Ubuntu 12.04 LTS ,
Ubuntu 11.10
Severity
Classification
-
CVE CVE-2013-1051 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities