Improper input validation in Canonical Ubuntu_linux
CVE-2013-1051
apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the us…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.013 (67.7th percentile) — read the EPSS interpretation.
Affected products
- Canonical Ubuntu_linux — versions 11.10, 12.04, 12.10
- Debian Advanced_package_tool — versions 0.8.16
- Debian Apt — versions 0.9.7
- N/a — versions n/a
Weakness classification (CWE)
References
- security@ubuntu.com (x_refsource_OSVDB, vdb-entry)
- security@ubuntu.com (x_refsource_UBUNTU, vendor-advisory)
- security@ubuntu.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)