Ubuntu Security Notice 3863-2 - USN-3863-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 12.04 ESM. Max Justicz discovered that APT incorrectly handled certain parameters during redirects. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Various other issues were also addressed.
7405cd348546773a44511e11ed531d6d1c0b53c7b55acbc3a9cfdc441a0fe749
Ubuntu Security Notice 3863-1 - Max Justicz discovered that APT incorrectly handled certain parameters during redirects. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.
37de6a077e616f3d2fc675e0df086a441ee4d0d9862ab4d23e578f4cbc9261cf
Debian Linux Security Advisory 4371-1 - Max Justicz discovered a vulnerability in APT, the high-level package manager. The code handling HTTP redirects in the HTTP transport method doesn't properly sanitize fields transmitted over the wire. This vulnerability could be used by an attacker located as a man-in-the-middle between APT and a mirror to inject malicious content in the HTTP connection. This content could then be recognized as a valid package by APT and used later for code execution with root privileges on the target machine.
c64d7b7ba8329aed7fb7a0d0963524931c6f2fdb67873437f10bc78d5431d5e2