PT-2009-6706 · Debian · Apt
Mcasadevall +1 · Published 1970-01-01 · Updated 2020-01-08 · CVE-2009-1358
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
apt versions prior to 0.7.21
Description
The issue concerns multiple vulnerabilities in the apt package of the Debian GNU/Linux operating system, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The problem arises because apt-get does not check for the correct error code from gpgv, causing apt to treat a repository as valid even when it has been signed with a revoked or expired key. This might allow remote attackers to trick apt into installing malicious repositories.
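An added example, not apt's code and not part of the advisory: a fail-closed evaluation of gpgv `--status-fd` output that rejects signatures made with expired or revoked keys, next to a hypothetical lenient check showing the failure class described above. The function names, the strict policy and the sample status lines are assumptions constructed for illustration.

```python
import re

# gpgv --status-fd line format: "[GNUPG:] KEYWORD args..." (see GnuPG doc/DETAILS).
STATUS_RE = re.compile(r"^\[GNUPG:\] (\S+)(?: (.*))?$")
# Keywords that must never establish trust, even when the signature math checks out.
REJECT = {"EXPKEYSIG", "REVKEYSIG", "EXPSIG", "BADSIG", "ERRSIG", "NO_PUBKEY", "NODATA"}

def parse_status(text):
    """Return [(keyword, args)] for every status line in gpgv output."""
    out = []
    for line in text.splitlines():
        m = STATUS_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2) or ""))
    return out

def lenient_verdict(text):
    """Hypothetical flawed check: any line naming a signing key counts as valid."""
    accepted = {"GOODSIG", "EXPKEYSIG", "REVKEYSIG"}
    return any(kw in accepted for kw, _ in parse_status(text))

def strict_verdict(text, exit_code):
    """Fail closed: require GOODSIG, a zero exit code and no rejecting keyword."""
    statuses = parse_status(text)
    reasons = [f"{kw} {args}".strip() for kw, args in statuses if kw in REJECT]
    if exit_code != 0:
        reasons.append(f"gpgv exited with {exit_code}")
    if not any(kw == "GOODSIG" for kw, _ in statuses):
        reasons.append("no GOODSIG")
    return (not reasons, reasons)

# Constructed sample outputs (key IDs and user IDs are made up).
GOOD = "[GNUPG:] GOODSIG FEDCBA9876543210 Example Archive Key <archive@example.invalid>\n"
EXPIRED = "[GNUPG:] EXPKEYSIG 0123456789ABCDEF Example Old Key <old@example.invalid>\n"
REVOKED = "[GNUPG:] REVKEYSIG 0123456789ABCDEF Example Old Key <old@example.invalid>\n"

if __name__ == "__main__":
    # Exit code 0 is passed deliberately: the status lines alone must be enough to reject.
    for name, text in (("good", GOOD), ("expired", EXPIRED), ("revoked", REVOKED)):
        print(name, "lenient:", lenient_verdict(text), "strict:", strict_verdict(text, 0))
```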
Recommendations
For versions prior to 0.7.21, update to version 0.7.21 or later to resolve the issue. As a temporary workaround, consider restricting the use of apt-get until a patch is available. Avoid using apt-get to install repositories from untrusted sources until the issue is resolved.
Fix
RCE
Affected Products
Apt