Aptdaemon
Monthly
There is no input validation on the Locale property in an apt transaction. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.
Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
There is no input validation on the Locale property in an apt transaction. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.
Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.