CVE-2019-15796

Related Files

Debian Security Advisory 4609-1

Posted Jan 24, 2020

Authored by Debian | Site debian.org

Debian Linux Security Advisory 4609-1 - Two security issues were found in the Python interface to the apt package manager; package downloads from unsigned repositories were incorrectly rejected and the hash validation relied on MD5.

tags | advisory, python

systems | linux, debian

advisories | CVE-2019-15795, CVE-2019-15796

SHA-256 | 183ef2617b0a2f81a817f8d952b2f5914ae4f2bdd3b732df89c57cdf0124b7dd

Download | Favorite | View

Ubuntu Security Notice USN-4247-3

Posted Jan 23, 2020

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4247-3 - USN-4247-1 fixed several vulnerabilities in python-apt. This update provides the corresponding updates for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Various other issues were also addressed.

tags | advisory, remote, vulnerability, python

systems | linux, ubuntu

advisories | CVE-2019-15795, CVE-2019-15796

SHA-256 | 8bddca56dbb4a79bec4c879b8ff74ac63d10d8587c17c8bd9ba9567aefc29c61

Download | Favorite | View

Ubuntu Security Notice USN-4247-2

Posted Jan 23, 2020

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4247-2 - USN-4247-1 fixed vulnerabilities in python-apt. The updated packages caused a regression when attempting to upgrade to a new Ubuntu release. This update fixes the problem. It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. Various other issues were also addressed.

tags | advisory, remote, vulnerability, python

systems | linux, ubuntu

advisories | CVE-2019-15795, CVE-2019-15796

SHA-256 | c5c90b310d7f5f0416773ced5efb38ab57d54948ec0f54e9541ce80aac0c7b0f

Download | Favorite | View

Ubuntu Security Notice USN-4247-1

Posted Jan 23, 2020

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4247-1 - It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations.

tags | advisory, remote, python

systems | linux, ubuntu

advisories | CVE-2019-15795, CVE-2019-15796

SHA-256 | 402fb2d1cf0e095a11a20ae7a60a1b22d65ad8b15259576de22ffc2b62eddc30

Download | Favorite | View