Ubuntu alert USN-3746-1 (apt)

From:
               Marc Deslauriers <marc.deslauriers@canonical.com> 
To:
               "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> 
Subject:
               [USN-3746-1] APT vulnerability 
Date:
               Mon, 20 Aug 2018 14:42:13 -0400
Message-ID:
               <c54fe9f8-be18-e443-f55e-e21bfc7b761c@canonical.com>
==========================================================================
Ubuntu Security Notice USN-3746-1
August 20, 2018

apt vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

An attacker could trick APT into installing altered packages.

Software Description:
- apt: Advanced front-end for dpkg

Details:

It was discovered that APT incorrectly handled the mirror method
(mirror://). If a remote attacker were able to perform a man-in-the-middle
attack, this flaw could potentially be used to install altered packages in
environments configured to use mirror:// entries.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  apt                             1.6.3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/usn/usn-3746-1
  CVE-2018-0501

Package Information:
  https://launchpad.net/ubuntu/+source/apt/1.6.3ubuntu0.1

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...

From:		Marc Deslauriers <marc.deslauriers@canonical.com>
To:		"ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>
Subject:		[USN-3746-1] APT vulnerability
Date:		Mon, 20 Aug 2018 14:42:13 -0400
Message-ID:		<c54fe9f8-be18-e443-f55e-e21bfc7b761c@canonical.com>