CVE-2014-0478
APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0023 (0.2%)
Percentil: 45.6%
EPSS: 2026-05-06
Afecta
debian:advanced_package_toolDescripción técnica
APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.
Publicada: 17/6/2014, 14:55:06
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://secunia.com/advisories/58843
- http://secunia.com/advisories/59358
- http://www.debian.org/security/2014/dsa-2958
- http://www.ubuntu.com/usn/USN-2246-1
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795
- http://secunia.com/advisories/58843
- http://secunia.com/advisories/59358
- http://www.debian.org/security/2014/dsa-2958