PT-2014-2204 · Debian · Advanced Package Tool

Simon Ruderich · Published 2014-04-15 · Updated 2014-04-16 · CVE-2012-0214

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Advanced Package Tool (APT) versions 0.8.11 through 0.8.15.10
Advanced Package Tool (APT) versions 0.8.16 before 0.8.16~exp13

Description

The issue allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file. This leaves the original InRelease file active, making it more difficult to detect that the Packages file is modified and unsigned. The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc is involved in this issue.

Recommendations

For Advanced Package Tool (APT) versions 0.8.11 through 0.8.15.10, update to version 0.8.16~exp13 or later.
For Advanced Package Tool (APT) versions 0.8.16 before 0.8.16~exp13, update to version 0.8.16~exp13 or later.


Weakness Enumeration

Related Identifiers

CVE-2012-0214

Affected Products

Advanced Package Tool