CVE-2014-6273
Published: 23 September 2014
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.
Notes
Author | Note |
---|---|
mdeslaur | should only be a denial of service because of hardening |
Priority
Status
Package | Release | Status |
---|---|---|
apt (Launchpad, Ubuntu, Debian) | upstream | Needs triage |
apt | lucid | Released (0.7.25.3ubuntu9.17.1) |
apt | precise | Released (0.8.16~exp12ubuntu10.20.1) |
apt | trusty | Released (1.0.1ubuntu2.4.1) |

This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu.