========================================================================== Ubuntu Security Notice USN-1215-1 September 22, 2011 apt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: An attacker could trick APT into installing altered packages. Software Description: - apt: Advanced front-end for dpkg Details: It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disabling the net-update option completely. A future update will re-enable the option with corrected verification. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: apt 0.8.13.2ubuntu4.2 Ubuntu 10.10: apt 0.8.3ubuntu7.2 Ubuntu 10.04 LTS: apt 0.7.25.3ubuntu9.7 Ubuntu 8.04 LTS: apt 0.7.9ubuntu17.3 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1215-1 https://launchpad.net/bugs/856489 Package Information: https://launchpad.net/ubuntu/+source/apt/0.8.13.2ubuntu4.2 https://launchpad.net/ubuntu/+source/apt/0.8.3ubuntu7.2 https://launchpad.net/ubuntu/+source/apt/0.7.25.3ubuntu9.7 https://launchpad.net/ubuntu/+source/apt/0.7.9ubuntu17.3