USN-3746-1: APT vulnerability
- Canonical Ubuntu 18.04
It was discovered that APT incorrectly handled the mirror method (mirror://). If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages in environments configured to use mirror:// entries.
Affected Cloud Foundry Products and Versions
Severity is high unless otherwise noted.
- All versions of Cloud Foundry cflinuxfs3 prior to 0.13.0
OSS users are strongly encouraged to follow one of the mitigations below:
- The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.13.0 or later.