Ubuntu Security Notice USN-762-1
20th April, 2009
apt vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 8.10
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS
Software description
- apt
Details
Alexandre Martani discovered that the APT daily cron script did not check
the return code of the date command. If a machine is configured for
automatic updates and is in a time zone where DST occurs at midnight, under
certain circumstances automatic updates might not be applied and could
become permanently disabled. (CVE-2009-1300)
Michael Casadevall discovered that APT did not properly verify repositories
signed with a revoked or expired key. If a repository were signed with only
an expired or revoked key and the signature was otherwise valid, APT would
consider the repository valid. (https://launchpad.net/bugs/356012)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 8.10:
- apt 0.7.14ubuntu6.1
- Ubuntu 8.04 LTS:
- apt 0.7.9ubuntu17.2
- Ubuntu 6.06 LTS:
- apt 0.6.43.3ubuntu3.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.