diff options
author | Julian Andres Klode <julian.klode@canonical.com> | 2019-01-18 09:13:52 +0100 |
---|---|---|
committer | Julian Andres Klode <julian.klode@canonical.com> | 2019-01-25 12:38:58 +0100 |
commit | fe049d5f5fc8c5bf13d297d1fb45410eb058d8d6 (patch) | |
tree | 9d47cb8b8c4454b29a111d97a9913471dbf3ae1b /apt-pkg/deb/debmetaindex.cc | |
parent | dc9ba136ee9e6766277a7471084114726cc50af3 (diff) |
SECURITY UPDATE: content injection in http method (CVE-2019-3462)
This fixes a security issue that can be exploited to inject arbritrary debs
or other files into a signed repository as followed:
(1) Server sends a redirect to somewhere%0a<headers for the apt method> (where %0a is
\n encoded)
(2) apt method decodes the redirect (because the method encodes the URLs before
sending them out), writting something like
somewhere\n
<headers>
into its output
(3) apt then uses the headers injected for validation purposes.
Regression-Of: c34ea12ad509cb34c954ed574a301c3cbede55ec
LP: #1812353
Diffstat (limited to 'apt-pkg/deb/debmetaindex.cc')
0 files changed, 0 insertions, 0 deletions