Debian Linux Security Advisory 3031-1 - The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get. An attacker able to man-in-the-middle an HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the 'http' apt method binary, or potentially to arbitrary code execution.
1868df8a88a13239945f034440fe682b0e121f18704c5b892e1bc8e05326064e
Ubuntu Security Notice 2353-1 - It was discovered that APT incorrectly handled certain http URLs. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to cause APT to crash, resulting in a denial of service, or possibly execute arbitrary code. In addition, this update fixes regressions introduced by the USN-2348-1 security update: APT incorrectly handled file:/// sources on a different partition, incorrectly handled Dir::state::lists set to a relative path, and incorrectly handled cdrom: sources. Various other issues were also addressed.
f18a6d99273ccea43f4ff13505d8b7b64673270f54fc2a22c95b75f5502949bc