Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-3634

methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.

Related bugs and status

CVE-2011-3634 (Candidate) is related to these bugs:

Bug #868353: in apt-https Verify-Peer does not fail a connection on error

		In	Importance	Status
868353	in apt-https Verify-Peer does not fail a connection on error	apt (Ubuntu)	High	Fix Released
868353	in apt-https Verify-Peer does not fail a connection on error	apt (Ubuntu Lucid)	High	Fix Released
868353	in apt-https Verify-Peer does not fail a connection on error	apt (Ubuntu Maverick)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.ubuntu.com/...
MISC: http://people.canonica...
MISC: https://alioth.debian....
MISC: https://bugs.launchpad...