USN-2353-1: APT vulnerability
23 September 2014
APT could be made to crash or run programs if it received specially crafted network traffic.
- apt - Advanced front-end for dpkg
It was discovered that APT incorrectly handled certain http URLs. If a
remote attacker were able to perform a man-in-the-middle attack, this flaw
could be exploited to cause APT to crash, resulting in a denial of service,
or possibly execute arbitrary code. The default compiler options for
affected releases should reduce the vulnerability to a denial of service.
In addition, this update fixes regressions introduced by the USN-2348-1
security update: APT incorrectly handled file:/// sources on a different
partition, incorrectly handled Dir::state::lists set to a relative path,
and incorrectly handled cdrom: sources.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.