1. Ubuntu Security Notices
  2. USN-1169-1

USN-1169-1: APT vulnerability

Publication date

13 July 2011

Overview

An attacker could trick APT into installing altered packages.

Releases

Packages

  • apt - Advanced front-end for dpkg

Details

William Grant discovered that APT incorrectly validated inline GPG
signatures. If a remote attacker were able to perform a machine-in-the-middle
attack, this flaw could potentially be used to install altered packages.

William Grant discovered that APT incorrectly validated inline GPG
signatures. If a remote attacker were able to perform a machine-in-the-middle
attack, this flaw could potentially be used to install altered packages.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
11.04 natty apt –  0.8.13.2ubuntu4.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›