CVE-2012-0944

Publication date 2 April 2012

Last updated 24 July 2024


Ubuntu priority

Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.

Read the notes from the security team

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
aptdaemon 11.10 oneiric
Fixed 0.43+bzr697-0ubuntu1.2
11.04 natty
Fixed 0.41+bzr661-0ubuntu0.2
10.10 maverick
Not affected
10.04 LTS lucid
Not affected
8.04 LTS hardy Not in release

Notes


mdeslaur

only affects natty and higher

References

Related Ubuntu Security Notices (USN)

Other references