[Bug 856489] Re: Improper verification of updated key via apt-key net-update

Kees Cook kees at ubuntu.com
Thu Sep 22 15:58:28 UTC 2011


If anyone can't wait for updates, removing the keyring URI from
/usr/bin/apt-key should disable the fetch:

#ARCHIVE_KEYRING_URI=http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
ARCHIVE_KEYRING_URI=

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/856489

Title:
  Improper verification of updated key via apt-key net-update

Status in “apt” package in Ubuntu:
  In Progress
Status in “apt” source package in Lucid:
  In Progress
Status in “apt” source package in Maverick:
  In Progress
Status in “apt” source package in Natty:
  In Progress
Status in “apt” source package in Oneiric:
  In Progress
Status in “apt” source package in Hardy:
  In Progress

Bug description:
  As reported on full-disclosure:
  http://seclists.org/fulldisclosure/2011/Sep/221

  CVE request here:
  http://www.openwall.com/lists/oss-security/2011/09/22/5
