CVE-2011-1829

Publication date 13 July 2011

Last updated 24 July 2024

APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
apt	11.04 natty	Fixed 0.8.13.2ubuntu4.1
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	8.04 LTS hardy	Not affected

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

only apt in natty+ support InRelease files

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1169-1
APT vulnerability
13 July 2011

Other references

https://www.cve.org/CVERecord?id=CVE-2011-1829