Ubuntu - python-apt regression (2020-01-22)

USN-4247-2: python-apt regression

python-apt regression<br>A security issue affects these releases of Ubuntu and its derivatives:<br>Ubuntu 19.10<br>Ubuntu 19.04<br>Ubuntu 18.04 LTS<br>Ubuntu 16.04 LTS<br>Summary<br>USN-4247-1 introduced a regression in python-apt.<br>Software Description<br>python-apt - Python interface to libapt-pkg<br>Details<br>USN-4247-1 fixed vulnerabilities in python-apt. The updated packages caused a regression when attempting to upgrade to a new Ubuntu release. This update fixes the problem.<br>We apologize for the inconvenience.<br>Original advisory details:<br>It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795)<br>It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. (CVE-2019-15796)<br>Update instructions<br>The problem can be corrected by updating your system to the following package versions:<br>Ubuntu 19.10<br>python-apt - 1.9.0ubuntu1.3<br>python3-apt - 1.9.0ubuntu1.3<br>Ubuntu 19.04<br>python-apt - 1.8.5~ubuntu0.3<br>python3-apt - 1.8.5~ubuntu0.3<br>Ubuntu 18.04 LTS<br>python-apt - 1.6.5ubuntu0.2<br>python3-apt - 1.6.5ubuntu0.2<br>Ubuntu 16.04 LTS<br>python-apt - 1.1.0~beta1ubuntu0.16.04.8<br>python3-apt - 1.1.0~beta1ubuntu0.16.04.8<br>To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.<br>In general, a standard system update will make all the necessary changes.<br>References<br>USN-4247-1<br>LP: 1860606<br>]]&gt;

Ubuntu是一个以桌面应用为主的Linux操作系统

CVE-2019-15796

暂无

暂无

https://usn.ubuntu.com/4247-2/