Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-15795

python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.

Published

2020-03-26T13:15:12.750

Last Modified

2024-11-21T04:29:29.007

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.7 (MEDIUM)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

4.9

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-327
Type: Primary
CWE-327

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ubuntu	python-apt	0.8.0	Yes
Application	ubuntu	python-apt	0.8.1	Yes
Application	ubuntu	python-apt	0.8.3	Yes
Application	ubuntu	python-apt	0.8.3	Yes
Application	ubuntu	python-apt	0.8.3	Yes
Application	ubuntu	python-apt	0.8.3	Yes
Application	ubuntu	python-apt	0.8.3	Yes
Application	ubuntu	python-apt	0.8.3	Yes
Application	ubuntu	python-apt	0.8.3	Yes
Application	ubuntu	python-apt	0.8.3	Yes
Application	ubuntu	python-apt	0.8.3	Yes
Application	ubuntu	python-apt	0.8.3	Yes
Operating System	canonical	ubuntu_linux	12.04	No
Application	ubuntu	python-apt	0.8.9.1	Yes
Application	ubuntu	python-apt	0.8.9.1	Yes
Application	ubuntu	python-apt	0.9.0	Yes
Application	ubuntu	python-apt	0.9.1	Yes
Application	ubuntu	python-apt	0.9.1	Yes
Application	ubuntu	python-apt	0.9.1	Yes
Application	ubuntu	python-apt	0.9.1	Yes
Application	ubuntu	python-apt	0.9.3.1	Yes
Application	ubuntu	python-apt	0.9.3.2	Yes
Application	ubuntu	python-apt	0.9.3.2	Yes
Application	ubuntu	python-apt	0.9.3.2	Yes
Application	ubuntu	python-apt	0.9.3.3	Yes
Application	ubuntu	python-apt	0.9.3.3	Yes
Application	ubuntu	python-apt	0.9.3.4	Yes
Application	ubuntu	python-apt	0.9.3.4	Yes
Application	ubuntu	python-apt	0.9.3.5	Yes
Application	ubuntu	python-apt	0.9.3.5	Yes
Application	ubuntu	python-apt	0.9.3.5	Yes
Application	ubuntu	python-apt	0.9.3.5	Yes
Operating System	canonical	ubuntu_linux	14.04	No
Application	ubuntu	python-apt	1.0.1	Yes
Application	ubuntu	python-apt	1.0.1	Yes
Application	ubuntu	python-apt	1.0.1	Yes
Application	ubuntu	python-apt	1.1.0	Yes
Application	ubuntu	python-apt	1.1.0	Yes
Application	ubuntu	python-apt	1.1.0	Yes
Application	ubuntu	python-apt	1.1.0	Yes
Application	ubuntu	python-apt	1.1.0	Yes
Application	ubuntu	python-apt	1.1.0	Yes
Application	ubuntu	python-apt	1.1.0	Yes
Operating System	canonical	ubuntu_linux	16.04	No
Application	debian	python-apt	1.8.4	Yes
Application	ubuntu	python-apt	1.4.0	Yes
Application	ubuntu	python-apt	1.4.0	Yes
Application	ubuntu	python-apt	1.4.0	Yes
Application	ubuntu	python-apt	1.6.0	Yes
Application	ubuntu	python-apt	1.6.0	Yes
Application	ubuntu	python-apt	1.6.0	Yes
Application	ubuntu	python-apt	1.6.0	Yes
Application	ubuntu	python-apt	1.6.0	Yes
Application	ubuntu	python-apt	1.6.1	Yes
Application	ubuntu	python-apt	1.6.2	Yes
Application	ubuntu	python-apt	1.6.3	Yes
Application	ubuntu	python-apt	1.6.3	Yes
Application	ubuntu	python-apt	1.6.4	Yes
Application	ubuntu	python-apt	1.8.4	Yes
Operating System	canonical	ubuntu_linux	18.04	No
Application	ubuntu	python-apt	1.8.4	Yes
Application	ubuntu	python-apt	1.9.0	Yes
Application	ubuntu	python-apt	1.9.0	Yes
Application	ubuntu	python-apt	1.9.0	Yes
Operating System	canonical	ubuntu_linux	19.10	No
Application	ubuntu	python-apt	1.7.0	Yes
Application	ubuntu	python-apt	1.8.0	Yes
Application	ubuntu	python-apt	1.8.0	Yes
Application	ubuntu	python-apt	1.8.0	Yes
Application	ubuntu	python-apt	1.8.1	Yes
Application	ubuntu	python-apt	1.8.2	Yes
Application	ubuntu	python-apt	1.8.3	Yes
Application	ubuntu	python-apt	1.8.4	Yes
Operating System	canonical	ubuntu_linux	19.04	No

References

https://usn.ubuntu.com/4247-1/ Patch, Vendor Advisory ([email protected])
https://usn.ubuntu.com/4247-3/ Patch, Vendor Advisory ([email protected])
https://usn.ubuntu.com/4247-1/ Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4247-3/ Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)