Test ID:	1.3.6.1.4.1.25623.1.0.841975
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2353-1)
Summary:	The remote host is missing an update for the 'apt' package(s) announced via the USN-2353-1 advisory.
Description:	Summary: The remote host is missing an update for the 'apt' package(s) announced via the USN-2353-1 advisory. Vulnerability Insight: It was discovered that APT incorrectly handled certain http URLs. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to cause APT to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2014-6273) In addition, this update fixes regressions introduced by the USN-2348-1 security update: APT incorrectly handled file:/// sources on a different partition, incorrectly handled Dir::state::lists set to a relative path, and incorrectly handled cdrom: sources. Affected Software/OS: 'apt' package(s) on Ubuntu 10.04, Ubuntu 12.04, Ubuntu 14.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-6273 BugTraq ID: 70075 http://www.securityfocus.com/bid/70075 Debian Security Information: DSA-3031 (Google Search) http://www.debian.org/security/2014/dsa-3031 http://secunia.com/advisories/61605 http://secunia.com/advisories/61710 http://www.ubuntu.com/usn/USN-2353-1 XForce ISS Database: apt-cve20146273-bo(96151) https://exchange.xforce.ibmcloud.com/vulnerabilities/96151
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.