CVE-2012-0962

Name of the Vulnerable Software and Affected Versions Aptdaemon version 0.43 in Ubuntu versions 11.10 and 12.04 LTS

Description The issue allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack. This is due to Aptdaemon using short IDs when importing PPA GPG keys from a keyserver.

Recommendations For Aptdaemon version 0.43 in Ubuntu versions 11.10 and 12.04 LTS, consider using a secure connection to import PPA GPG keys to minimize the risk of a man-in-the-middle attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.