Apt Product Vulnerability in Ubuntu and Debian due to Invalid Date Handling
CVE-2009-1300

Currently unrated

Key Information:

Vendor: Debian
Status: Advanced Package Tool
Vendor: CVE Published:; 16 April 2009

What is CVE-2009-1300?

The Apt package manager version 0.7.20 on Ubuntu and Debian systems fails to validate the return of the date command when it encounters an 'invalid date' error. This oversight can hinder the timely loading of security updates, particularly in time zones experiencing daylight saving time (DST) transitions at midnight. Consequently, users may face increased risk of exposure to security threats, as the system is unable to apply critical updates as needed. System administrators should ensure that their package managers are updated to mitigate this risk.

References

http://secunia.com/advisories/34874

third-party-advisoryx_refsource_SECUNIA

https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/...

x_refsource_CONFIRM

http://www.debian.org/security/2009/dsa-1779

vendor-advisoryx_refsource_DEBIAN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2009
Vulnerability Reserved
Apr 16, 2009