diff options
author | Julian Andres Klode <julian.klode@canonical.com> | 2019-01-18 09:13:52 +0100 |
---|---|---|
committer | Julian Andres Klode <julian.klode@canonical.com> | 2019-01-18 16:38:03 +0100 |
commit | dbbed1523925d5b7ff8325064ba0ae4ba2def541 (patch) | |
tree | 48e3244a1993a98a021d0620521ac829bab8983a /apt-private/private-search.cc | |
parent | 03af77d4ca60a21f3dca1ab10ef2ba17ec2f96c9 (diff) |
SECURITY UPDATE: content injection in http method (CVE-2019-3462)
This fixes a security issue that can be exploited to inject arbritrary debs
or other files into a signed repository as followed:
(1) Server sends a redirect to somewhere%0a<headers for the apt method> (where %0a is
\n encoded)
(2) apt method decodes the redirect (because the method encodes the URLs before
sending them out), writting something like
somewhere\n
<headers>
into its output
(3) apt then uses the headers injected for validation purposes.
Our test webserver does not support the necessary bits in this version that
we used in newer versions, so no testing script is provided.
Regression-Of: c34ea12ad509cb34c954ed574a301c3cbede55ec
LP: #1812353
Diffstat (limited to 'apt-private/private-search.cc')
0 files changed, 0 insertions, 0 deletions