UbuntuUpdates.org

Package "apt"

Name: apt

Description:

commandline package manager

Latest version: 2.0.2ubuntu0.2
Release: focal (20.04)
Level: security
Repository: main

Links


Download "apt"


Other versions of "apt" in Focal

Repository Area Version
base main 2.0.2
base universe 2.0.2
security universe 2.0.2ubuntu0.2
updates universe 2.0.10
updates main 2.0.10

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.0.2ubuntu0.2 2020-12-09 17:06:22 UTC

  apt (2.0.2ubuntu0.2) focal-security; urgency=high

  * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193)
    - apt-pkg/contrib/arfile.cc: add extra checks.
    - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB
    - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB
    - test/*: add tests.
    - CVE-2020-27350
  * Additional hardening:
    - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB
  * .gitlab-ci.yml: Test on focal, not unstable

 -- Julian Andres Klode <email address hidden> Mon, 07 Dec 2020 12:08:43 +0100

Source diff to previous version

Version: 2.0.2ubuntu0.1 2020-05-14 02:06:21 UTC

  apt (2.0.2ubuntu0.1) focal-security; urgency=high

  * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - CVE-2020-3810

 -- Julian Andres Klode <email address hidden> Tue, 12 May 2020 22:02:05 +0200

1878177 CVE-2020-3810 out-of-bound stack reads in arfile
CVE-2020-3810 apt out-of-bounds read in .ar implemation



About   -   Send Feedback to @ubuntu_updates