UbuntuUpdates.org

Package "apt"

Name: apt

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • transitional package for https support

Latest version: 1.6.12ubuntu0.2
Release: bionic (18.04)
Level: security
Repository: universe

Other versions of "apt" in Bionic

Repository Area Version
base main 1.6.1
base universe 1.6.1
security main 1.6.12ubuntu0.2
updates universe 1.6.17
updates main 1.6.17

Changelog

Version: 1.6.12ubuntu0.2 2020-12-09 17:06:21 UTC

  apt (1.6.12ubuntu0.2) bionic-security; urgency=high

  * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193)
    - apt-pkg/contrib/arfile.cc: add extra checks.
    - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB
    - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB
    - test/*: add tests.
    - CVE-2020-27350
  * Additional hardening:
    - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB

 -- Julian Andres Klode <email address hidden> Mon, 07 Dec 2020 12:13:36 +0100

Version: 1.6.12ubuntu0.1 2020-05-14 02:06:19 UTC

  apt (1.6.12ubuntu0.1) bionic-security; urgency=high

  * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - CVE-2020-3810

 -- Julian Andres Klode <email address hidden> Tue, 12 May 2020 20:03:44 +0200

1878177 CVE-2020-3810 out-of-bound stack reads in arfile
CVE-2020-3810 apt out-of-bounds read in .ar implementation

Version: 1.6.6ubuntu0.1 2019-01-22 13:07:00 UTC

  apt (1.6.6ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: content injection in http method (CVE-2019-3462)
    (LP: #1812353)

 -- Julian Andres Klode <email address hidden> Fri, 18 Jan 2019 11:39:50 +0100

1812353 content injection in http method (CVE-2019-3462)
CVE-2019-3462 Content injection in APT http method when using redirects

Version: 1.6.3ubuntu0.1 2018-08-20 19:06:21 UTC

  apt (1.6.3ubuntu0.1) bionic-security; urgency=medium

  [ David Kalnischkies ]
  * SECURITY UPDATE: Fallback in the mirror method allowed a later server to
    supply any InRelease file without it having to be verified. (LP: #1787752)
    - apt-pkg/acquire-item.cc:: clear alternative URIs for mirror:// between
      steps
    - CVE-2018-0501

 -- Julian Andres Klode <email address hidden> Mon, 20 Aug 2018 09:48:01 +0200

1787752 mirror.fail - security issue in mirror:// - CVE-2018-0501
CVE-2018-0501 RESERVED


