Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2014.0969
apt security update
13 June 2014
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: apt
Publisher: Debian
Operating System: Debian GNU/Linux 7
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Reduced Security -- Unknown/Unspecified
Resolution: Patch/Upgrade
CVE Names: CVE-2014-0478
Original Bulletin:
http://www.debian.org/security/2014/dsa-2958
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running apt check for an updated version of the software for their
operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2958-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
June 12, 2014 http://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : apt
CVE ID : CVE-2014-0478
Debian Bug : 749795
Jakub Wilk discovered that APT, the high level package manager,
did not properly perform authentication checks for source packages
downloaded via "apt-get source". This only affects use cases where
source packages are downloaded via this command; it does not
affect regular Debian package installation and upgrading.
For the stable distribution (wheezy), this problem has been fixed in
version 0.9.7.9+deb7u2.
For the unstable distribution (sid), this problem has been fixed in
version 1.0.4.
We recommend that you upgrade your apt packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBAgAGBQJTmeycAAoJEFb2GnlAHawE0XQH/11O+RGwDRP2ehHovxsseqj5
rkHWGXQHtsZ/ysLuMCMkXFTPS8Kd4+KozyMnaAMNGkYTDtfZnvxQwFh1RRgN1So0
1W+VzraRYLOBNkvhX5VcueM/9Bq6njW1rlzLmCQX0jCqNGLHXkrpHmkZSLbyjAOm
DKMrPZLy4u307fPP4sTpYFGGCUG4rAqdkragDSO5FKu+n+v3mXs5Q2VyfwC9UbBS
4RdlLsxQaZDD+DLZDPIBd0BM65HWsSpa3IUrGtaGfjytp4b3DcYW1sV1Ctlj+B66
2SbM8IPU1DH89Ui0c6Hb5qZvdW9IbjDFVaf6sGoxlmIwdAf86PyT2MooADvz++8=
=BjjH
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBU5pQdRLndAQH1ShLAQLFaA//RX/+CPzW8JYkDH4iuG8ziLoSalhxyAqr
gXnmurYXWsdeVTMq1C/64X5gfUToqWHSW1G8ZfJKg8Vu3rifUwDhvMqallQ0JiHM
BFehLtXqMk7Y3/APzSIzYtmlPkDTtzYOn7BCMoZBvloawCeN9NJRbPABCHmQ3ONr
dL9y9FOIFUNXmUfYgpklcPaP4S8jVZXqm1FsBU4HjmEP8Yk6ErLjo5YhImicznal
qfryaPlN/YpGZj6AbG20NcEeT7tdMoGcBlXwOX4Dpnw8q68IhcMi6K6f4qKLT5u3
J6WoI78DOxz60ZiBdilWSeX54N5c7xPwBMvKm6LdGsIkAJpHtA270TSHo+/qfaL3
oXGDaTyV2yvG8DiWexgx7WsxSgzPKqhs/GT9d2E/NvwNssEaERVhhMGmyUUg5lWr
8MnVpeju5t8wQA73BICnWkFLmQ29KPdwV0+C0t1dO5BKg3DVcEJ/SlT9wd27dsTh
v429JXUmRP2p2p1+DtqUHywSi+cjgf28v5xsuqp6YoP6Uyj9nJ9durhavA1JFyQa
W89g1BJChl4IDSyLFpRh5OqWalD5J976OdeIvmy3AixYtco4Iw5xI8nsG3N9p96Q
ymGuQT6PjtJlZbt5N2GjTWL9Gh1LnylQ3qBH3wMxkIxVvl1TXK9TZFZ6bRNpydry
L3gENaVcFlU=
=StBL
-----END PGP SIGNATURE-----