CVE-2014-6273

Published: 23 September 2014

Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.

Notes

Author: mdeslaur
Note: should only be a denial of service because of hardening

Priority

Medium

Status

Package: apt (Launchpad, Ubuntu, Debian)

Release   Status
upstream  Needs triage
lucid     Released (0.7.25.3ubuntu9.17.1)
precise   Released (0.8.16~exp12ubuntu10.20.1)
trusty    Released (1.0.1ubuntu2.4.1)

This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu.