CVE-2019-15796

Published: Mar 26, 2020Modified: Nov 21, 2024

4.7

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.6 / Impact: 2.7

Source: NVD

Description

Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.

Affected (66)

Products: Ubuntu: Python Apt · Debian: Python Apt

1 product

1 product

Configuration A

12 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ubuntu Python Apt	Version 0.8.0 ubuntu9
Ubuntu Python Apt	Version 0.8.1 ubuntu1
Ubuntu Python Apt	Version 0.8.3 ubuntu1
Ubuntu Python Apt	Version 0.8.3 ubuntu2
Ubuntu Python Apt	Version 0.8.3 ubuntu3
Ubuntu Python Apt	Version 0.8.3 ubuntu4
Ubuntu Python Apt	Version 0.8.3 ubuntu5
Ubuntu Python Apt	Version 0.8.3 ubuntu6
Ubuntu Python Apt	Version 0.8.3 ubuntu7.1
Ubuntu Python Apt	Version 0.8.3 ubuntu7.2
Ubuntu Python Apt	Version 0.8.3 ubuntu7.3
Ubuntu Python Apt	Version 0.8.3 ubuntu7

Running on/with	Platform Versions
Canonical Ubuntu Linux	Version 12.04

Configuration B

19 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ubuntu Python Apt	Version 0.8.9.1
Ubuntu Python Apt	Version 0.8.9.1 ubuntu1
Ubuntu Python Apt	Version 0.9.0
Ubuntu Python Apt	Version 0.9.1
Ubuntu Python Apt	Version 0.9.1 build1
Ubuntu Python Apt	Version 0.9.1 build2
Ubuntu Python Apt	Version 0.9.1 ubuntu1
Ubuntu Python Apt	Version 0.9.3.1
Ubuntu Python Apt	Version 0.9.3.2
Ubuntu Python Apt	Version 0.9.3.2 ubuntu1
Ubuntu Python Apt	Version 0.9.3.2 ubuntu2
Ubuntu Python Apt	Version 0.9.3.3
Ubuntu Python Apt	Version 0.9.3.3 ubuntu1
Ubuntu Python Apt	Version 0.9.3.4
Ubuntu Python Apt	Version 0.9.3.4 build1
Ubuntu Python Apt	Version 0.9.3.5
Ubuntu Python Apt	Version 0.9.3.5 ubuntu1
Ubuntu Python Apt	Version 0.9.3.5 ubuntu2
Ubuntu Python Apt	Version 0.9.3.5 ubuntu3

Running on/with	Platform Versions
Canonical Ubuntu Linux	Version 14.04

Configuration C

10 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ubuntu Python Apt	Version 1.0.1 build1
Ubuntu Python Apt	Version 1.0.1 ubuntu1
Ubuntu Python Apt	Version 1.0.1 ubuntu2
Ubuntu Python Apt	Version 1.1.0 beta1
Ubuntu Python Apt	Version 1.1.0 beta1build1
Ubuntu Python Apt	Version 1.1.0 beta1ubuntu0.16.04.1
Ubuntu Python Apt	Version 1.1.0 beta1ubuntu0.16.04.2
Ubuntu Python Apt	Version 1.1.0 beta1ubuntu0.16.04.3
Ubuntu Python Apt	Version 1.1.0 beta1ubuntu0.16.04.4
Ubuntu Python Apt	Version 1.1.0 beta1ubuntu0.16.04.5

Running on/with	Platform Versions
Canonical Ubuntu Linux	Version 16.04

Configuration D

14 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Debian Python Apt	Version 1.8.4
Ubuntu Python Apt	Version 1.4.0
Ubuntu Python Apt	Version 1.4.0 beta3build2
Ubuntu Python Apt	Version 1.4.0 beta3ubuntu1
Ubuntu Python Apt	Version 1.6.0
Ubuntu Python Apt	Version 1.6.0 rc1
Ubuntu Python Apt	Version 1.6.0 rc2ubuntu1
Ubuntu Python Apt	Version 1.6.0 rc2ubuntu2
Ubuntu Python Apt	Version 1.6.0 rc3
Ubuntu Python Apt	Version 1.6.1
Ubuntu Python Apt	Version 1.6.2
Ubuntu Python Apt	Version 1.6.3
Ubuntu Python Apt	Version 1.6.3 ubuntu1
Ubuntu Python Apt	Version 1.6.4

Running on/with	Platform Versions
Canonical Ubuntu Linux	Version 18.04

Configuration E

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ubuntu Python Apt	Version 1.9.0 alpha0~ubuntu1
Ubuntu Python Apt	Version 1.9.0 alpha0~ubuntu2
Ubuntu Python Apt	Version 1.9.0 ubuntu1

Running on/with	Platform Versions
Canonical Ubuntu Linux	Version 19.10

Configuration F

8 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ubuntu Python Apt	Version 1.7.0
Ubuntu Python Apt	Version 1.8.0
Ubuntu Python Apt	Version 1.8.0 alpha0~ubuntu1
Ubuntu Python Apt	Version 1.8.0 alpha0~ubuntu2
Ubuntu Python Apt	Version 1.8.1
Ubuntu Python Apt	Version 1.8.2
Ubuntu Python Apt	Version 1.8.3
Ubuntu Python Apt	Version 1.8.4