exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2019-15796

Status Candidate

Overview

Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.

Related Files

Debian Security Advisory 4609-1
Posted Jan 24, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4609-1 - Two security issues were found in the Python interface to the apt package manager; package downloads from unsigned repositories were incorrectly rejected and the hash validation relied on MD5.

tags | advisory, python
systems | linux, debian
advisories | CVE-2019-15795, CVE-2019-15796
SHA-256 | 183ef2617b0a2f81a817f8d952b2f5914ae4f2bdd3b732df89c57cdf0124b7dd
Download | Favorite | View
Ubuntu Security Notice USN-4247-3
Posted Jan 23, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4247-3 - USN-4247-1 fixed several vulnerabilities in python-apt. This update provides the corresponding updates for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Various other issues were also addressed.

tags | advisory, remote, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2019-15795, CVE-2019-15796
SHA-256 | 8bddca56dbb4a79bec4c879b8ff74ac63d10d8587c17c8bd9ba9567aefc29c61
Download | Favorite | View
Ubuntu Security Notice USN-4247-2
Posted Jan 23, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4247-2 - USN-4247-1 fixed vulnerabilities in python-apt. The updated packages caused a regression when attempting to upgrade to a new Ubuntu release. This update fixes the problem. It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. Various other issues were also addressed.

tags | advisory, remote, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2019-15795, CVE-2019-15796
SHA-256 | c5c90b310d7f5f0416773ced5efb38ab57d54948ec0f54e9541ce80aac0c7b0f
Download | Favorite | View
Ubuntu Security Notice USN-4247-1
Posted Jan 23, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4247-1 - It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations.

tags | advisory, remote, python
systems | linux, ubuntu
advisories | CVE-2019-15795, CVE-2019-15796
SHA-256 | 402fb2d1cf0e095a11a20ae7a60a1b22d65ad8b15259576de22ffc2b62eddc30
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close