GPGv Security Flaw in APT Package Manager by Debian
CVE-2009-1358

Currently unrated

Key Information:

Vendor: Debian
Status: Apt; Advanced Package Tool
Vendor: CVE Published:; 21 April 2009

Summary

APT prior to version 0.7.21 fails to accurately check error codes from gpgv, leading to a scenario where the package manager wrongly considers a repository valid. This could enable remote adversaries to deceive APT into installing repositories that maliciously alter system files or compromise security integrity, particularly when the associated signing key has been revoked or is outdated.

References

http://secunia.com/advisories/34874

third-party-advisoryx_refsource_SECUNIA

http://www.debian.org/security/2009/dsa-1779

vendor-advisoryx_refsource_DEBIAN

http://secunia.com/advisories/34829

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Apr 21, 2009
Vulnerability Reserved
Apr 21, 2009