Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
python-apt uses MD5 for validation
Vulnerability Description
python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
使用已被攻破或存在风险的密码学算法
Vulnerability Title
python-apt 加密问题漏洞
Vulnerability Description
python-apt中存在加密问题漏洞,该漏洞源于程序使用MD5哈希算法来验证下载的软件包。攻击者可通过实施中间人攻击利用该漏洞安装被修改的软件包。
CVSS Information
N/A
Vulnerability Type
N/A