CVE-2009-1300

Name of the Vulnerable Software and Affected Versions apt version 0.7.20 libapt-pkg-dev (affected versions not specified) apt-utils (affected versions not specified) libapt-pkg-doc (affected versions not specified) apt-transport-https (affected versions not specified)

Description The issue affects the apt package, which does not check for an "invalid date" error when the date command is executed, potentially preventing apt from loading security updates in time zones where DST occurs at midnight. Multiple vulnerabilities have been identified in various Debian GNU/Linux packages, including libapt-pkg-dev, apt-utils, libapt-pkg-doc, and apt-transport-https. These vulnerabilities can be exploited remotely, leading to a disruption of confidentiality, integrity, and availability of protected information.

Recommendations For apt version 0.7.20, update to a version that checks for "invalid date" errors when the date command is executed. For libapt-pkg-dev, restrict access to the package until a fix is available. For apt-utils, avoid using the package until a fix is available. For libapt-pkg-doc, restrict access to the package until a fix is available. For apt-transport-https, avoid using the package until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.