MidnightBSD

Advisories for sebastian_heinlein

CVE-2011-0725 MEDIUM

Absolute path traversal vulnerability in the org.debian.apt.UpdateCachePartially method in worker.py in Aptdaemon 0.40 in Ubuntu 10.10 and 11.04 allows local users to read arbitrary files via a full pathname in the sources_list argument, related to the D-Bus interface.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
canonical ubuntu_linux 10.10
canonical ubuntu_linux 11.04
sebastian_heinlein aptdaemon 0.40
CVE-2012-0944 MEDIUM

Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
sebastian_heinlein aptdaemon 0.20
sebastian_heinlein aptdaemon 0.33
canonical ubuntu_linux 12.04
sebastian_heinlein aptdaemon 0.40
sebastian_heinlein aptdaemon 0.34
sebastian_heinlein aptdaemon 0.32
canonical ubuntu_linux 11.10
sebastian_heinlein aptdaemon 0.30
sebastian_heinlein aptdaemon *
sebastian_heinlein aptdaemon 0.31
sebastian_heinlein aptdaemon 0.41
canonical ubuntu_linux 11.04