Software Properties Exploit Fixed for Multiple OSes

On October 1st, in a security notice Canonical published details about a Software Properties vulnerability for its Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, and Ubuntu 10.04 LTS operating systems.

According to Canonical, Software Properties could be tricked into installing arbitrary PPA GPG keys. The apt-add-repository tool incorrectly validated PPA GPG keys when importing from a keyserver. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could b… (read more)

Comments are closed.