Launchpad CVE tracker

CVE 2012-0944

Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.

Related bugs and status

CVE-2012-0944 (Candidate) is related to these bugs:

Bug #959131: Doesn't detect unauthenticated packages if the transaction hasn't been simulated before

		In	Importance	Status
959131	Doesn't detect unauthenticated packages if the transaction hasn't been simulated before	aptdaemon (Ubuntu)	Critical	Fix Released
959131	Doesn't detect unauthenticated packages if the transaction hasn't been simulated before	aptdaemon (Ubuntu Natty)	Critical	Fix Released
959131	Doesn't detect unauthenticated packages if the transaction hasn't been simulated before	aptdaemon (Ubuntu Oneiric)	Critical	Fix Released
959131	Doesn't detect unauthenticated packages if the transaction hasn't been simulated before	aptdaemon (Ubuntu Precise)	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugs.launchpad...
UBUNTU: USN-1414-1
BID: 52855
OSVDB: 80887
SECUNIA: 48688
XF: aptdaemon-transaction-...

Launchpad.net

CVE 2012-0944

Related bugs and status

Related bugs

References