CVE-2011-3634

EPSS 0.16%

apt - security update

Published: 3/1/2014Modified: 4/28/2026

Description

methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.

Affected packages (2)

Debian/aptfrom 0, < 0.8.11
Debian/aptfrom 0, < 0.8.10.3+squeeze2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-3634