CVE-2014-0478

EPSS 0.23%

apt - security update

Published: 6/17/2014Modified: 4/28/2026

Also known as:DEBIAN-CVE-2014-0478

Description

APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.

Affected packages (2)

Debian/aptfrom 0, < 1.0.4
Debian/aptfrom 0, < 0.9.7.9+deb7u2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-0478