CVE-2014-6273

Published: 23 September 2014

Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.

Priority

Medium

Status

Package: apt (Launchpad, Ubuntu, Debian)

Release: Upstream
Status: Needs triage

Release: Ubuntu 14.04 ESM (Trusty Tahr)
Status: Released (1.0.1ubuntu2.4.1)

This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu.