CVE-2018-0501
N/A
N/A
Summary
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 | APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 | affected |
Weaknesses
- lack of signature verification
ADP Enrichment
CVE Program Container
Additional References
- https://mirror.fail
- https://usn.ubuntu.com/3746-1/
- https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47
- https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec
References
- https://mirror.fail
- https://usn.ubuntu.com/3746-1/
- https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47
- https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.