Ubuntu alert USN-3156-2 (apt)
| From: | Seth Arnold <seth.arnold@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-3156-2] APT regression | |
| Date: | Fri, 16 Dec 2016 18:30:14 -0800 | |
| Message-ID: | <20161217023014.GA30928@hunt> |
========================================================================== Ubuntu Security Notice USN-3156-2 December 17, 2016 apt regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.10 Summary: USN-3156-1 introduced a regression in unattended-upgrades that may require manual intervention to repair. Software Description: - apt: Advanced front-end for dpkg Details: USN-3156-1 fixed vulnerabilities in APT. It also caused a bug in unattended-upgrades on that may require manual intervention to repair. Users on Ubuntu 16.10 should run the following commands at a terminal: sudo dpkg --configure --pending sudo apt-get -f install This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: apt 1.3.3 After a standard system update you should run the following commands to make all the necessary changes: sudo dpkg --configure --pending sudo apt-get -f install References: http://www.ubuntu.com/usn/usn-3156-2 http://www.ubuntu.com/usn/usn-3156-1 https://launchpad.net/bugs/1649959 Package Information: https://launchpad.net/ubuntu/+source/apt/1.3.3 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...