CVE-2016-1252

Priority
High
Description
A man-in-the-middle attacker could circumvent the InRelease signature of a
repository, leading to a malicious package being installed and, therefore,
remote arbitrary code execution.
References
Bugs
Assigned-to
mdeslaur
Package
Source: apt (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):released (1.4~beta2)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (InRelease file splitting code is not present)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.0.1ubuntu2.17)
Ubuntu Core 15.04:ignored (snap packages not install using apt)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.2.15ubuntu0.2)
Ubuntu 17.04 (Zesty Zapus):released (1.4~beta2)
More Information

Updated: 2017-09-07 16:14:14 UTC (commit 13279)