RSS   Vulnerabilities for 'Software-properties'   RSS

2020-12-02
 
CVE-2012-0955

CWE-295
 

 
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fixed in software-properties version 0.92.

 
2014-05-13
 
CVE-2011-4407

CWE-20
 

 
ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.

 

 >>> Vendor: Canonical 39 Products
Spread
Ubuntu linux
Ubuntu enterprise cloud
PHP5
Ubuntu software properties
Telepathy-idle
MAAS
Libpam-modules
Update-manager
Accountsservice
Software-properties
Ltsp display manager
Acpi-support
Reportbug
Ubuntu
Lxcfs
Ubuntu core
Ubuntu touch
Ubuntu-core-launcher
LXD
Openstack ironic
JUJU
Ubuntu-image
Bazaar
Screen-resolution-extra
Apparmor
Ubuntu download manager
Snapd
Apt-xapian-index
Metal as a service
Cloud-init
Ubuntu cobbler
Microk8s
C-kernel
Subiquity
Checkinstall
Ubuntu-ui-toolkit
Remote-login-service
Courier-authlib


Copyright 2021, cxsecurity.com

 

Back to Top