Debian Apt vulnerabilities

CVE-2020-3810 [MEDIUM] CWE-20 CVE-2020-3810: Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in d Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.

CVE-2020-27350 [MEDIUM] CVE-2020-27350: apt - APT had several integer overflows and underflows while parsing .deb packages, ak... APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu

CVE-2019-3462 [HIGH] CVE-2019-3462: apt - Incorrect sanitation of the 302 redirect field in HTTP transport method of apt v... Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. Scope: local bookworm: resolved (fixed in 1.8.0~alpha3.1) bullseye: resolved (fixed in 1.8.0~alpha3.1) forky: resolved (fixed in 1.8.0~alpha3.1) sid:

CVE-2018-0501 [MEDIUM] CVE-2018-0501: apt - The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before ... The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail. Scope: local bookworm: resolved (fixed in 1.6.4) bullseye: resolved (fixed in 1.6.4) forky: resolved (fixed in 1.6.4) sid: resolved (fixed in 1.6.4) trixie:

CVE-2016-1252 [MEDIUM] CVE-2016-1252: apt - The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4... The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease fil

CVE-2014-0487 [HIGH] CVE-2014-0487: APT before 1 APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.

CVE-2014-0490 [HIGH] CVE-2014-0490: The apt-get download command in APT before 1 The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.

CVE-2014-0489 [HIGH] CVE-2014-0489: APT before 1 APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.

CVE-2014-7206 [LOW] CWE-59 CVE-2014-7206: The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a sym The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.

CVE-2014-0478 [MEDIUM] CVE-2014-0478: APT before 1 APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.

CVE-2012-0214 [MEDIUM] CVE-2012-0214: The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it m

CVE-2014-6273 [MEDIUM] CVE-2014-6273: apt - Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier a... Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL. Scope: local bookworm: resolved (fixed in 1.0.3) bullseye: resolved (fixed in 1.0.3) forky: resolved (fixed in 1.0.3) sid: resolved (fixed in 1.0.3) trixie: resolved (

CVE-2014-0488 [MEDIUM] CVE-2014-0488: apt - APT before 1.0.9 does not "invalidate repository data" when moving from an unaut... APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data. Scope: local bookworm: resolved (fixed in 1.0.9) bullseye: resolved (fixed in 1.0.9) forky: resolved (fixed in 1.0.9) sid: resolved (fixed in 1.0.9) trixie: resolved (fixe

CVE-2013-1051 [MEDIUM] CWE-20 CVE-2013-1051: apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allow apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.

CVE-2012-0961 [LOW] CWE-200 CVE-2012-0961: Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ub Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.

CVE-2012-3587 [LOW] CVE-2012-3587: APT 0 APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.

CVE-2012-0954 [LOW] CVE-2012-0954: apt - APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-upda... APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587. Scope: local bookworm: reso

CVE-2011-1829 [MEDIUM] CVE-2011-1829: APT before 0 APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.

CVE-2011-3374 [LOW] CVE-2011-3374: apt - It was found that apt-key in apt, all versions, do not correctly validate gpg ke... It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2011-3634 [LOW] CVE-2011-3634: apt - methods/https.cc in apt before 0.8.11 accepts connections when the certificate h... methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors. Scope: local bookworm: resolved (fixed in 0.8.11) bullseye: resolved (fixed in 0.8.11) forky: resolved (fixed in 0.8.11) sid: resolved (fixed