Bulletin d'alerte Debian
DSA-1779-1 apt -- Plusieurs vulnérabilités
- Date du rapport :
- 26 avril 2009
- Paquets concernés :
- apt
- Vulnérabilité :
- Oui
- Références dans la base de données de sécurité :
- Dans le système de suivi des bogues Debian : Bogue 523213, Bogue 433091.
Dans le dictionnaire CVE du Mitre : CVE-2009-1300, CVE-2009-1358. - Plus de précisions :
-
Deux vulnérabilités ont été découvertes dans APT, l'interface bien connue de dpkg. Le projet « Common Vulnerabilities and Exposures » (CVE) identifie les problèmes suivants.
- CVE-2009-1300
Dans les fuseaux horaires où le passage à l'heure d'été se fait à minuit, le script apt cron.daily échoue, empêchant les mises à jour de sécurité d'être appliquées automatiquement.
- CVE-2009-1358
Un dépôt signé avec une clé OpenPGP expirée ou révoquée pourrait être toujours considéré valide par APT.
Pour l'ancienne distribution stable (Etch), ces problèmes ont été corrigés dans la version 0.6.46.4-0.1+etch1.
Pour la distribution stable (Lenny), ces problèmes ont été corrigés dans la version 0.7.20.2+lenny1.
Pour la distribution unstable (Sid), ces problèmes ont été corrigés dans la version 0.7.21.
Nous vous recommandons de mettre à jour votre paquet apt.
- CVE-2009-1300
- Corrigé dans :
-
Debian GNU/Linux 4.0 (etch)
- Source :
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1.tar.gz
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1.dsc
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1.dsc
- Composant indépendant de l'architecture :
- http://security.debian.org/pool/updates/main/a/apt/apt-doc_0.6.46.4-0.1+etch1_all.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-doc_0.6.46.4-0.1+etch1_all.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-doc_0.6.46.4-0.1+etch1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_alpha.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_alpha.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_alpha.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_amd64.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_amd64.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_amd64.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_arm.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_arm.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_arm.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_i386.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_i386.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_i386.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_ia64.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_ia64.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_ia64.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_mips.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_mips.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_mips.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_s390.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_s390.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_s390.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_sparc.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_sparc.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_sparc.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_sparc.deb
Debian GNU/Linux 5.0 (lenny)
- Source :
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1.tar.gz
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1.dsc
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1.dsc
- Composant indépendant de l'architecture :
- http://security.debian.org/pool/updates/main/a/apt/apt-doc_0.7.20.2+lenny1_all.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-doc_0.7.20.2+lenny1_all.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-doc_0.7.20.2+lenny1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_arm.deb
- ARM EABI:
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_armel.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_sparc.deb
Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.