UbuntuUpdates.org

Package "apt-utils"

Name: apt-utils

Description:

package management related utility programs
Latest version: 2.0.2ubuntu0.2
Release: focal (20.04)
Level: security
Repository: main
Head package: apt

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "apt-utils"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "apt-utils" in Focal

Repository Area Version
base main 2.0.2
updates main 2.0.11

Changelog

Version: 2.0.2ubuntu0.2 2020-12-09 17:06:22 UTC

  apt (2.0.2ubuntu0.2) focal-security; urgency=high

  * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193)
    - apt-pkg/contrib/arfile.cc: add extra checks.
    - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB
    - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB
    - test/*: add tests.
    - CVE-2020-27350
  * Additional hardening:
    - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB
  * .gitlab-ci.yml: Test on focal, not unstable

 -- Julian Andres Klode <email address hidden> Mon, 07 Dec 2020 12:08:43 +0100
Source diff to previous version

Version: 2.0.2ubuntu0.1 2020-05-14 02:06:21 UTC

  apt (2.0.2ubuntu0.1) focal-security; urgency=high

  * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - CVE-2020-3810

 -- Julian Andres Klode <email address hidden> Tue, 12 May 2020 22:02:05 +0200
1878177 CVE-2020-3810 out-of-bound stack reads in arfile
CVE-2020-3810 apt out-of-bounds read in .ar implemation


About   -   Send Feedback to @ubuntu_updates