PT-2014-1779 · Debian+1 · Apt+1
Jakub Wilk · Published 2014-06-12 · Updated 2020-01-08 · CVE-2014-0478
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
apt versions prior to 1.0.4
Description
The issue concerns multiple vulnerabilities in the apt package of the Debian GNU/Linux operating system that can be exploited remotely to compromise the integrity and availability of protected information. Specifically, apt fails to properly validate source packages, so a man-in-the-middle attacker who removes the Release signature can cause malicious packages to be downloaded and installed.
Recommendations
For versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the package installation process to minimize the risk of exploitation. Avoid using untrusted sources for package downloads until the issue is resolved.
Exploit · Fix · RCE
Affected Products
Ubuntu
Apt