CVE-2011-3634

Name of the Vulnerable Software and Affected Versions apt versions prior to 0.8.11

Description The issue allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors when the certificate host name fails validation and Verify-Host is enabled.

Recommendations For versions prior to 0.8.11, update to version 0.8.11 or later to resolve the issue. As a temporary workaround, consider disabling the use of HTTPS connections until a patch is available. Restrict access to sensitive repository credentials to minimize the risk of exploitation.