CVE-2014-0488

Published: 16 September 2014

APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.

Priority

Status

Package	Release	Status
apt Launchpad, Ubuntu, Debian	upstream	Needs triage
	lucid	Released (0.7.25.3ubuntu9.16)
	precise	Released (0.8.16~exp12ubuntu10.19)
	trusty	Released (1.0.1ubuntu2.3)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0488
https://ubuntu.com/security/notices/USN-2348-1
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1366702

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›