CVE-2011-3374

Published: 26 November 2019

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

Priority

Critical

CVSS 3 base score: 3.7

Status

Package Release Status
apt
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(net-update not enabled by debian)

Notes

AuthorNote
sbeattie
Ubuntu specific, debian does not enable net-update. After CVE-2012-0954, net-update was disabled permanently in apt 0.9.6ubuntu3

References

Bugs