USN-2746-1 fixed a vulnerability in Simple Streams. The update caused a regression preventing MAAS from downloading PXE images. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Simple Streams did not properly perform gpg verification in some situations. A remote attacker could use this to perform a machine-in-the-middle attack and inject malicious content into the stream.
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "python-simplestreams",
"binary_version": "0.1.0~bzr341-0ubuntu2.3"
},
{
"binary_name": "python-simplestreams-openstack",
"binary_version": "0.1.0~bzr341-0ubuntu2.3"
},
{
"binary_name": "python3-simplestreams",
"binary_version": "0.1.0~bzr341-0ubuntu2.3"
},
{
"binary_name": "simplestreams",
"binary_version": "0.1.0~bzr341-0ubuntu2.3"
}
]
}