Updated apt packages are available for both Debian 6 and 7:
[DLA 58-1] apt security update
[DSA 3031-1] apt security update
[DLA 58-1] apt security update
[DSA 3031-1] apt security update
[DLA 58-1] apt security update
Package : apt
Version : 0.8.10.3+squeeze5
CVE ID : CVE-2014-6273
The Google Security Team discovered a buffer overflow vulnerability in
the HTTP transport code in apt-get. An attacker able to
man-in-the-middle a HTTP request to an apt repository can trigger the
buffer overflow, leading to a crash of the 'http' apt method binary, or
potentially to arbitrary code execution.
The following regression fixes were included in this update:
* Fix regression from the previous update in DLA-53-1 when the custom
apt configuration option for Dir::state::lists is set to a relative
path (#762160).
* Fix regression in the reverificaiton handling of cdrom: sources that
may lead to incorrect hashsum warnings. Affected users need to run
"apt-cdrom add" again after the update was applied.
* Fix regression from the previous update in DLA-53-1 when file:///
sources are used and those are on a different partition than the apt
state directory.
[DSA 3031-1] apt security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3031-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
September 23, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : apt
CVE ID : CVE-2014-6273
The Google Security Team discovered a buffer overflow vulnerability in
the HTTP transport code in apt-get. An attacker able to
man-in-the-middle a HTTP request to an apt repository can trigger the
buffer overflow, leading to a crash of the 'http' apt method binary, or
potentially to arbitrary code execution.
Two regression fixes were included in this update:
* Fix regression from the previous update in DSA-3025-1 when the custom
apt configuration option for Dir::state::lists is set to a relative
path (#762160).
* Fix regression in the reverificaiton handling of cdrom: sources that
may lead to incorrect hashsum warnings. Affected users need to run
"apt-cdrom add" again after the update was applied.
For the stable distribution (wheezy), this problem has been fixed in
version 0.9.7.9+deb7u5.
We recommend that you upgrade your apt packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/