CVE-2011-4407

Name of the Vulnerable Software and Affected Versions Software Properties versions prior to 0.81.13.3

Description The issue concerns the failure to validate the server certificate when downloading PPA GPG key fingerprints. This allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.

Recommendations For versions prior to 0.81.13.3, update to version 0.81.13.3 or later to resolve the issue.