CVE-2018-0501

Publication date 20 August 2018

Last updated 25 August 2025


Ubuntu priority

Cvss 3 Severity Score

5.9 · Medium

Score breakdown

Description

The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.

Status

Package Ubuntu Release Status
apt 18.04 LTS bionic
Fixed 1.6.3ubuntu0.1
16.04 LTS xenial
Not affected
14.04 LTS trusty
Not affected

Severity score breakdown

CVSS version: CVSS v3.0

Base score 5.9 · Medium

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References

Related Ubuntu Security Notices (USN)

Other references


Access our resources on patching vulnerabilities