UbuntuUpdates.org

Package "apt"

Name: apt

Description:

commandline package manager

Latest version: 1.6.12ubuntu0.2
Release: bionic (18.04)
Level: security
Repository: main

Other versions of "apt" in Bionic

Repository Area Version
base main 1.6.1
base universe 1.6.1
security universe 1.6.12ubuntu0.2
updates universe 1.6.17
updates main 1.6.17

Changelog

Version: 1.6.12ubuntu0.2 2020-12-09 17:06:20 UTC

  apt (1.6.12ubuntu0.2) bionic-security; urgency=high

  * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193)
    - apt-pkg/contrib/arfile.cc: add extra checks.
    - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB
    - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB
    - test/*: add tests.
    - CVE-2020-27350
  * Additional hardening:
    - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB

 -- Julian Andres Klode <email address hidden> Mon, 07 Dec 2020 12:13:36 +0100


Version: 1.6.12ubuntu0.1 2020-05-14 02:06:18 UTC

  apt (1.6.12ubuntu0.1) bionic-security; urgency=high

  * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - CVE-2020-3810

 -- Julian Andres Klode <email address hidden> Tue, 12 May 2020 20:03:44 +0200

1878177 CVE-2020-3810 out-of-bound stack reads in arfile
CVE-2020-3810 apt out-of-bounds read in .ar implementation

Version: 1.6.6ubuntu0.1 2019-01-22 13:07:00 UTC

  apt (1.6.6ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: content injection in http method (CVE-2019-3462)
    (LP: #1812353)

 -- Julian Andres Klode <email address hidden> Fri, 18 Jan 2019 11:39:50 +0100

1812353 content injection in http method (CVE-2019-3462)
CVE-2019-3462 Content injection in APT http method when using redirects

Version: 1.6.3ubuntu0.1 2018-08-20 19:06:20 UTC

  apt (1.6.3ubuntu0.1) bionic-security; urgency=medium

  [ David Kalnischkies ]
  * SECURITY UPDATE: Fallback in the mirror method allowed a later server to
    supply any InRelease file without it having to be verified. (LP: #1787752)
    - apt-pkg/acquire-item.cc:: clear alternative URIs for mirror:// between
      steps
    - CVE-2018-0501

 -- Julian Andres Klode <email address hidden> Mon, 20 Aug 2018 09:48:01 +0200

1787752 mirror.fail - security issue in mirror:// - CVE-2018-0501
CVE-2018-0501 RESERVED


