CVE-2014-0489
https://notcve.org/view.php?id=CVE-2014-0489
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package. APT anterior a 1.0.9, cunado la opción Acquire::GzipIndexes está habilitada, no valida checksums, lo que permite a atacantes remotos ejecutar código arbitrario a través de un paquete manipulado. • http://secunia.com/advisories/61275 http://secunia.com/advisories/61286 http://ubuntu.com/usn/usn-2348-1 http://www.debian.org/security/2014/dsa-3025 • CWE-20: Improper Input Validation •
CVE-2014-0490
https://notcve.org/view.php?id=CVE-2014-0490
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package. El comando de descarga apt-get en APT anterior a 1.0.9 no valida debidamente las firmas para paquetes, lo que permite a atacantes remotos ejecutar código arbitrario a través de un paquete manipulado. • http://secunia.com/advisories/61275 http://secunia.com/advisories/61286 http://ubuntu.com/usn/usn-2348-1 http://www.debian.org/security/2014/dsa-3025 • CWE-20: Improper Input Validation •