CVE-2012-5356

Name of the Vulnerable Software and Affected Versions Ubuntu Software Properties versions 0.75.x through 0.75.9, Ubuntu Software Properties versions 0.80.x through 0.80.9.1, Ubuntu Software Properties versions 0.81.x through 0.81.13.4, Ubuntu Software Properties versions 0.82.x through 0.82.7.2, Ubuntu Software Properties versions 0.92.x through 0.92.7

Description The issue allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack, due to the apt-add-repository tool not properly checking PPA GPG keys imported from a keyserver.

Recommendations For Ubuntu Software Properties version 0.75.x, update to version 0.75.10.3 or later. For Ubuntu Software Properties version 0.80.x, update to version 0.80.9.2 or later. For Ubuntu Software Properties version 0.81.x, update to version 0.81.13.5 or later. For Ubuntu Software Properties version 0.82.x, update to version 0.82.7.3 or later. For Ubuntu Software Properties version 0.92.x, update to version 0.92.8 or later.