ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Man in the Middle flaw with all versions of APT on Debian

    Scheduled Pinned Locked Moved IT Discussion
    1 Posts 1 Posters 137 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • IRJI
      IRJ
      last edited by IRJ

      It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

      https://nvd.nist.gov/vuln/detail/CVE-2011-3374

      Note: This does not affect Ubuntu just certain downstream versions of Debian. Ubuntu uses a separate package manager. You can read the email thread about it here

      https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480

      1 Reply Last reply Reply Quote 1
      • 1 / 1
      • First post
        Last post