Bug 35986 - apt: Buffer overflow (3.2)
Summary: apt: Buffer overflow (3.2)
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 3.2
Hardware: Other Linux
: P3 normal
Target Milestone: UCS 3.2-3-errata
Assignee: Janek Walkenhorst
QA Contact: Felix Botner
URL:
Keywords:
Depends on:
Blocks: 36277
  Show dependency treegraph
 
Reported: 2014-09-23 19:21 CEST by Moritz Muehlenhoff
Modified: 2014-10-22 18:49 CEST (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID:
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2014-09-23 19:21:08 CEST 
CVE-2014-6273

Buffer overflow in the HTTP backend of apt, resulting in the execution of arbitrary code by a MITM attacker.
Comment 1 Janek Walkenhorst univentionstaff 2014-09-24 18:20:44 CEST 
Advisory: 2014-09-24-apt.yaml
Tests (amd64): OK
Comment 2 Felix Botner univentionstaff 2014-09-25 12:50:22 CEST 
OK - install on amd64/i386
OK - apt still works after update
OK - YAML
Comment 3 Janek Walkenhorst univentionstaff 2014-09-25 14:32:35 CEST 
http://errata.univention.de/ucs/3.2/212.html