Ubuntu - python-apt vulnerabilities (2020-01-23)

USN-4247-3: python-apt vulnerabilities

python-apt vulnerabilities<br>A security issue affects these releases of Ubuntu and its derivatives:<br>Ubuntu 14.04 ESM<br>Ubuntu 12.04 ESM<br>Summary<br>Several security issues were fixed in python-apt.<br>Software Description<br>python-apt - Python interface to libapt-pkg<br>Details<br>USN-4247-1 fixed several vulnerabilities in python-apt. This update provides the corresponding updates for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.<br>Original advisory details:<br>It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795)<br>It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. (CVE-2019-15796)<br>Update instructions<br>The problem can be corrected by updating your system to the following package versions:<br>Ubuntu 14.04 ESM<br>python-apt - 0.9.3.5ubuntu3+esm2<br>python3-apt - 0.9.3.5ubuntu3+esm2<br>Ubuntu 12.04 ESM<br>python-apt - 0.8.3ubuntu7.5<br>python3-apt - 0.8.3ubuntu7.5<br>To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.<br>In general, a standard system update will make all the necessary changes.<br>References<br>USN-4247-1<br>CVE-2019-15795<br>CVE-2019-15796<br>]]&gt;

Ubuntu是一个以桌面应用为主的Linux操作系统

CVE-2019-15796

暂无

暂无

https://usn.ubuntu.com/4247-3/