USN-4247-3
- Source
- https://ubuntu.com/security/notices/USN-4247-3
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4247-3.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-4247-3
- Related
- Published
- 2020-01-23T15:11:16.264619Z
- Modified
- 2020-01-23T15:11:16.264619Z
- Summary
- python-apt vulnerabilities
- Details
-
USN-4247-1 fixed several vulnerabilities in python-apt. This update provides the corresponding updates for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795)
It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. (CVE-2019-15796)
- References
Affected packages
Ubuntu:14.04:LTS / python-apt
Package
- Name
- python-apt
- Purl
- pkg:deb/ubuntu/python-apt@0.9.3.5ubuntu3+esm2?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.3.5ubuntu3+esm2
Affected versions
0.*
0.8.9.1ubuntu1
0.9.0
0.9.1
0.9.1ubuntu1
0.9.3.2
0.9.3.2ubuntu2
0.9.3.3
0.9.3.3ubuntu1
0.9.3.4
0.9.3.4build1
0.9.3.5
0.9.3.5ubuntu1
0.9.3.5ubuntu2
0.9.3.5ubuntu3
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "0.9.3.5ubuntu3+esm2",
"binary_name": "python3-apt"
},
{
"binary_version": "0.9.3.5ubuntu3+esm2",
"binary_name": "python-apt"
},
{
"binary_version": "0.9.3.5ubuntu3+esm2",
"binary_name": "python-apt-common"
},
{
"binary_version": "0.9.3.5ubuntu3+esm2",
"binary_name": "python-apt-dev"
},
{
"binary_version": "0.9.3.5ubuntu3+esm2",
"binary_name": "python-apt-doc"
}
]
}