summaryrefslogtreecommitdiff
path: root/apt-private
diff options
context:
space:
mode:
authorJulian Andres Klode <julian.klode@canonical.com>2019-01-18 09:13:52 +0100
committerJulian Andres Klode <julian.klode@canonical.com>2019-01-22 19:50:36 +0100
commitc31d65e76810f72c356e381818174bf100605de7 (patch)
tree91deefa61a51fb765246c0e3e6d19accd545dd50 /apt-private
parent68362f7996f4e72d73b40d61dc821610a1a4a148 (diff)
SECURITY UPDATE: content injection in http method (CVE-2019-3462)
This fixes a security issue that can be exploited to inject arbritrary debs or other files into a signed repository as followed: (1) Server sends a redirect to somewhere%0a<headers for the apt method> (where %0a is \n encoded) (2) apt method decodes the redirect (because the method encodes the URLs before sending them out), writting something like somewhere\n <headers> into its output (3) apt then uses the headers injected for validation purposes. Regression-Of: c34ea12ad509cb34c954ed574a301c3cbede55ec LP: #1812353 (cherry picked from commit 5eb01ec13f3ede4bae5e60eb16bd8cffb7c03e1b)
Diffstat (limited to 'apt-private')
0 files changed, 0 insertions, 0 deletions