<<< Date Index >>>     <<< Thread Index >>>

[USN-762-1] APT vulnerabilities



===========================================================
Ubuntu Security Notice USN-762-1             April 20, 2009
apt vulnerabilities
CVE-2009-1300, https://launchpad.net/bugs/356012
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  apt                             0.6.43.3ubuntu3.1

Ubuntu 8.04 LTS:
  apt                             0.7.9ubuntu17.2

Ubuntu 8.10:
  apt                             0.7.14ubuntu6.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Alexandre Martani discovered that the APT daily cron script did not check
the return code of the date command. If a machine is configured for
automatic updates and is in a time zone where DST occurs at midnight, under
certain circumstances automatic updates might not be applied and could
become permanently disabled. (CVE-2009-1300)

Michael Casadevall discovered that APT did not properly verify repositories
signed with a revoked or expired key. If a repository were signed with only
an expired or revoked key and the signature was otherwise valid, APT would
consider the repository valid. (https://launchpad.net/bugs/356012)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.6.43.3ubuntu3.1.dsc
      Size/MD5:      815 7bd5e8e5e3ec2a595ac63b0deb39567d
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.6.43.3ubuntu3.1.tar.gz
      Size/MD5:  1635376 c112c3316f65f48161af677eca425b72

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-doc_0.6.43.3ubuntu3.1_all.deb
      Size/MD5:    88762 2d0f3301b4d8f7438ce1bab5211b7871
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-doc_0.6.43.3ubuntu3.1_all.deb
      Size/MD5:   112106 ff1935f0c2eda8f7e64ef76e8b40a334

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-utils_0.6.43.3ubuntu3.1_amd64.deb
      Size/MD5:   198046 222247db4056f04c24cf59d58dd07921
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.6.43.3ubuntu3.1_amd64.deb
      Size/MD5:  1307286 847fea71df818d1e412f0fe4da4d97f4
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-dev_0.6.43.3ubuntu3.1_amd64.deb
      Size/MD5:    82346 32cc1d14f0a800a04ea972ee9cc09c35

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-utils_0.6.43.3ubuntu3.1_i386.deb
      Size/MD5:   191824 c989fc79d1c333d32593d0a1e09e6c9e
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.6.43.3ubuntu3.1_i386.deb
      Size/MD5:  1286556 33a08ac01b3ea5ec98915c7775cbae78
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-dev_0.6.43.3ubuntu3.1_i386.deb
      Size/MD5:    82354 58c6d1f177506db5f612766f86a39ae8

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-utils_0.6.43.3ubuntu3.1_powerpc.deb
      Size/MD5:   206120 05806cb94c0919cbabe7c36f568b95be
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.6.43.3ubuntu3.1_powerpc.deb
      Size/MD5:  1322236 a8a27eed2eaf45874ef60a94cd95338f
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-dev_0.6.43.3ubuntu3.1_powerpc.deb
      Size/MD5:    82352 1242f8afa4f0ccd6ee1105c8eb2c8189

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-utils_0.6.43.3ubuntu3.1_sparc.deb
      Size/MD5:   185654 81fb8e314d9ce565b4701e2e70920e5d
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.6.43.3ubuntu3.1_sparc.deb
      Size/MD5:  1278136 78ed071c9ff6a1ef9c3b25f413cf09d8
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-dev_0.6.43.3ubuntu3.1_sparc.deb
      Size/MD5:    82350 1ace0d5bc3069dd09b7482b9ee1224d4

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.7.9ubuntu17.2.dsc
      Size/MD5:     1077 734b2b18ef88ab07d2cbefc96d2ec7c6
    http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.7.9ubuntu17.2.tar.gz
      Size/MD5:  2059249 28110553cb73a97610fd4f594d05f825

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-doc_0.7.9ubuntu17.2_all.deb
      Size/MD5:   102388 4c24b3d50e788a6877a19b5351931724
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-doc_0.7.9ubuntu17.2_all.deb
      Size/MD5:   126022 1536598ae1840d4a472b716ddac58675

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-transport-https_0.7.9ubuntu17.2_amd64.deb
      Size/MD5:    60922 334b1b59ccd8a30d7c4ffff2aaa11d2a
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-utils_0.7.9ubuntu17.2_amd64.deb
      Size/MD5:   201156 ffcdeb611993bb2e42b8882a3c8dd128
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.7.9ubuntu17.2_amd64.deb
      Size/MD5:  1661542 20ceb152039cfe106e9bd07883bb95ca
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-dev_0.7.9ubuntu17.2_amd64.deb
      Size/MD5:   110742 15379525cd60139ff77a8ff3d73173c2

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-transport-https_0.7.9ubuntu17.2_i386.deb
      Size/MD5:    60572 a797ccfbb3cb6db64747279a81e97f5e
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-utils_0.7.9ubuntu17.2_i386.deb
      Size/MD5:   200662 d0684c82b7899bc8f0845882d4ec7ec5
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.7.9ubuntu17.2_i386.deb
      Size/MD5:  1651326 00509300a4d21a7363eeb18b088fe649
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-dev_0.7.9ubuntu17.2_i386.deb
      Size/MD5:   110732 7002373bd97a2e7b7814c64e547a3dd7

  lpia architecture (Low Power Intel Architecture):

    
http://ports.ubuntu.com/pool/main/a/apt/apt-transport-https_0.7.9ubuntu17.2_lpia.deb
      Size/MD5:    60604 efab6116797ebfcdd67e8e00e772ed2b
    http://ports.ubuntu.com/pool/main/a/apt/apt-utils_0.7.9ubuntu17.2_lpia.deb
      Size/MD5:   204976 63c8bdeff7bedcd35817715529f04763
    http://ports.ubuntu.com/pool/main/a/apt/apt_0.7.9ubuntu17.2_lpia.deb
      Size/MD5:  1661196 3c6e11a2b565ba9c61c952865ebd4d05
    
http://ports.ubuntu.com/pool/main/a/apt/libapt-pkg-dev_0.7.9ubuntu17.2_lpia.deb
      Size/MD5:   110742 4f4fcb6a7ad98596d15103304036482b

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://ports.ubuntu.com/pool/main/a/apt/apt-transport-https_0.7.9ubuntu17.2_powerpc.deb
      Size/MD5:    63598 4eebb5cccf06f12ecd6c63752c0c1578
    
http://ports.ubuntu.com/pool/main/a/apt/apt-utils_0.7.9ubuntu17.2_powerpc.deb
      Size/MD5:   223800 b92e7adf7c4778eb655074d758d81d7a
    http://ports.ubuntu.com/pool/main/a/apt/apt_0.7.9ubuntu17.2_powerpc.deb
      Size/MD5:  1741416 b0d2d4ac271d2a1dfff65620d69c5011
    
http://ports.ubuntu.com/pool/main/a/apt/libapt-pkg-dev_0.7.9ubuntu17.2_powerpc.deb
      Size/MD5:   110738 985d6c3a5e2d428c23b20ad87e22fa98

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://ports.ubuntu.com/pool/main/a/apt/apt-transport-https_0.7.9ubuntu17.2_sparc.deb
      Size/MD5:    62628 939635e33e5114378f248fb905d699d4
    http://ports.ubuntu.com/pool/main/a/apt/apt-utils_0.7.9ubuntu17.2_sparc.deb
      Size/MD5:   210734 cb19c4960897279ca8070f8433f6c430
    http://ports.ubuntu.com/pool/main/a/apt/apt_0.7.9ubuntu17.2_sparc.deb
      Size/MD5:  1697440 3c338bbf986e77fe26aad92d418177f5
    
http://ports.ubuntu.com/pool/main/a/apt/libapt-pkg-dev_0.7.9ubuntu17.2_sparc.deb
      Size/MD5:   110734 7a7e661a0893991b66129756a8e7ac62

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.7.14ubuntu6.1.dsc
      Size/MD5:     1301 a199f18a4c6d8f81e681d8b4717aca83
    http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.7.14ubuntu6.1.tar.gz
      Size/MD5:  2087028 d1a8a1a947b8ed32ae67ff2b1766972b

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-doc_0.7.14ubuntu6.1_all.deb
      Size/MD5:   105912 1156d043e305781cccfffabd350944a4
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-doc_0.7.14ubuntu6.1_all.deb
      Size/MD5:   129694 6e37092150f9e78e08d87eed898b7fd3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-transport-https_0.7.14ubuntu6.1_amd64.deb
      Size/MD5:    65050 ee5f86eb8d9491694e56e37af35ef795
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-utils_0.7.14ubuntu6.1_amd64.deb
      Size/MD5:   199386 6f7c5d095116ddcc7ecca423eeef6d36
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.7.14ubuntu6.1_amd64.deb
      Size/MD5:  1679816 1d94ef488c90eadd4b670f5018d55efa
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-dev_0.7.14ubuntu6.1_amd64.deb
      Size/MD5:   113212 1b00bde13cd452887ad1a1c8b2dc194f

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-transport-https_0.7.14ubuntu6.1_i386.deb
      Size/MD5:    64352 fae78e897308809945047e35f0ae1fde
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-utils_0.7.14ubuntu6.1_i386.deb
      Size/MD5:   194720 f5d62c304ff4b311c0d728baf520dfcf
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_0.7.14ubuntu6.1_i386.deb
      Size/MD5:  1671518 6d69e2e48da97da8bc8cfd44571e2dc7
    
http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg-dev_0.7.14ubuntu6.1_i386.deb
      Size/MD5:   113224 418e77bde363f964972459af1f1901ef

  lpia architecture (Low Power Intel Architecture):

    
http://ports.ubuntu.com/pool/main/a/apt/apt-transport-https_0.7.14ubuntu6.1_lpia.deb
      Size/MD5:    64506 8571fec494be7c33105aae9d61dfd278
    http://ports.ubuntu.com/pool/main/a/apt/apt-utils_0.7.14ubuntu6.1_lpia.deb
      Size/MD5:   198090 e0046bc9a04b33ebf4873b7820c9e4f6
    http://ports.ubuntu.com/pool/main/a/apt/apt_0.7.14ubuntu6.1_lpia.deb
      Size/MD5:  1683654 d73988711f6c3004ea6798a43212c5d4
    
http://ports.ubuntu.com/pool/main/a/apt/libapt-pkg-dev_0.7.14ubuntu6.1_lpia.deb
      Size/MD5:   113218 37846a44f405cebdd8b397a0a0df83b7

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://ports.ubuntu.com/pool/main/a/apt/apt-transport-https_0.7.14ubuntu6.1_powerpc.deb
      Size/MD5:    66804 22d1c770a9797eb078be75cfb739bcb3
    
http://ports.ubuntu.com/pool/main/a/apt/apt-utils_0.7.14ubuntu6.1_powerpc.deb
      Size/MD5:   214368 4bfba90ea5b562181159a0ecc017d89c
    http://ports.ubuntu.com/pool/main/a/apt/apt_0.7.14ubuntu6.1_powerpc.deb
      Size/MD5:  1750934 679a4b4f110d764313cb1b0e9eb6b3cb
    
http://ports.ubuntu.com/pool/main/a/apt/libapt-pkg-dev_0.7.14ubuntu6.1_powerpc.deb
      Size/MD5:   113232 f8a9901e860cf56639af7caebca9c94c

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://ports.ubuntu.com/pool/main/a/apt/apt-transport-https_0.7.14ubuntu6.1_sparc.deb
      Size/MD5:    66208 7924ea4b95710fd51e637a159cb9de11
    http://ports.ubuntu.com/pool/main/a/apt/apt-utils_0.7.14ubuntu6.1_sparc.deb
      Size/MD5:   198350 85c7421f00b5aef8475ea79a9149212f
    http://ports.ubuntu.com/pool/main/a/apt/apt_0.7.14ubuntu6.1_sparc.deb
      Size/MD5:  1689062 2bb88bdd6d0a4531331796f89308d59b
    
http://ports.ubuntu.com/pool/main/a/apt/libapt-pkg-dev_0.7.14ubuntu6.1_sparc.deb
      Size/MD5:   113214 e568d25da02b2af9378eb95106ca0272


Attachment: signature.asc
Description: Digital signature