PT-2020-2104 · Canonical · Python-Apt+1

Published 2020-01-20 · Updated 2022-05-24 · CVE-2019-15796

CVSS v3.1: 4.7 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: python-apt versions 1.9.3ubuntu2 and earlier
Description: The issue is in the Version.fetch_binary() and Version.fetch_source() functions of the python-apt module, which fail to check that the hashes of files loaded from repositories are signed. This allows downloads from unsigned repositories, potentially compromising data integrity. The problem has been fixed in versions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.
Recommendations: For python-apt versions 1.9.3ubuntu2 and earlier, update to version 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, or 0.8.3ubuntu7.5 to resolve the issue. As a temporary workaround, consider disabling the Version.fetch_binary() and Version.fetch_source() functions until a patch is available. Restrict access to unsigned repositories to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Authentication

Improper Verification of Cryptographic Signature

Related Identifiers

BDU:2020-01965
CVE-2019-15796
DLA-2074-1
DSA-4609-1
GHSA-PJ65-3PF6-C5Q4
USN-4247-1
USN-4247-2
USN-4247-3

Affected Products

Ubuntu
Python-Apt