CVE-2012-0955

Name of the Vulnerable Software and Affected Versions software-properties versions prior to 0.92

Description The issue is related to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. The software didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided.

Recommendations For software-properties versions prior to 0.92, update to version 0.92 to resolve the issue. As a temporary workaround, consider disabling the use of TLS connections or ensuring a valid certificate bundle is provided when using python3 until the update is applied. Restrict access to the softwareproperties/ppa.py module to minimize the risk of exploitation.