Launchpad CVE tracker

CVE 2011-3374

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

Related bugs and status

CVE-2011-3374 (Candidate) is related to these bugs:

Bug #856489: Improper verification of updated key via apt-key net-update

		In	Importance	Status
856489	Improper verification of updated key via apt-key net-update	apt (Ubuntu)	Critical	Fix Released
856489	Improper verification of updated key via apt-key net-update	apt (Ubuntu Lucid)	Critical	Fix Released
856489	Improper verification of updated key via apt-key net-update	apt (Ubuntu Maverick)	Critical	Fix Released
856489	Improper verification of updated key via apt-key net-update	apt (Ubuntu Oneiric)	Critical	Fix Released
856489	Improper verification of updated key via apt-key net-update	apt (Ubuntu Natty)	Critical	Fix Released
856489	Improper verification of updated key via apt-key net-update	apt (Ubuntu Hardy)	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-3374

References