Debian Security Advisory
DSA-1779-1 apt -- several vulnerabilities
- Date Reported:
- 26 Apr 2009
- Affected Packages:
- apt
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 523213, Bug 433091.
In Mitre's CVE dictionary: CVE-2009-1300, CVE-2009-1358. - More information:
-
Two vulnerabilities have been discovered in APT, the well-known dpkg frontend. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2009-1300
In time zones where daylight savings time occurs at midnight, the apt cron.daily script fails, stopping new security updates from being applied automatically.
- CVE-2009-1358
A repository that has been signed with an expired or revoked OpenPGP key would still be considered valid by APT.
For the old stable distribution (etch), these problems have been fixed in version 0.6.46.4-0.1+etch1.
For the stable distribution (lenny), these problems have been fixed in version 0.7.20.2+lenny1.
For the unstable distribution (sid), these problems have been fixed in version 0.7.21.
We recommend that you upgrade your apt package.
- CVE-2009-1300
- Fixed in:
-
Debian GNU/Linux 4.0 (etch)
- Source:
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1.tar.gz
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1.dsc
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1.dsc
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/a/apt/apt-doc_0.6.46.4-0.1+etch1_all.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-doc_0.6.46.4-0.1+etch1_all.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-doc_0.6.46.4-0.1+etch1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_alpha.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_alpha.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_alpha.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_amd64.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_amd64.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_amd64.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_arm.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_arm.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_arm.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_i386.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_i386.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_i386.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_ia64.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_ia64.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_ia64.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_mips.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_mips.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_mips.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_s390.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_s390.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_s390.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_sparc.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_sparc.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_sparc.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_sparc.deb
Debian GNU/Linux 5.0 (lenny)
- Source:
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1.tar.gz
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1.dsc
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1.dsc
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/a/apt/apt-doc_0.7.20.2+lenny1_all.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-doc_0.7.20.2+lenny1_all.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-doc_0.7.20.2+lenny1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_arm.deb
- ARM EABI:
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_armel.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.