{"id":"USN-2353-1","summary":"apt vulnerability","details":"It was discovered that APT incorrectly handled certain http URLs. If a\nremote attacker were able to perform a machine-in-the-middle attack, this flaw\ncould be exploited to cause APT to crash, resulting in a denial of service,\nor possibly execute arbitrary code. The default compiler options for\naffected releases should reduce the vulnerability to a denial of service.\n(CVE-2014-6273)\n\nIn addition, this update fixes regressions introduced by the USN-2348-1\nsecurity update: APT incorrectly handled file:/// sources on a different\npartition, incorrectly handled Dir::state::lists set to a relative path,\nand incorrectly handled cdrom: sources.\n","modified":"2026-04-22T09:00:44.793283Z","published":"2014-09-23T16:12:19Z","related":["UBUNTU-CVE-2014-6273"],"upstream":["CVE-2014-6273","UBUNTU-CVE-2014-6273"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2353-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-6273"}],"affected":[{"package":{"name":"apt","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/apt@1.0.1ubuntu2.4.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1ubuntu2.4.1"}]}],"versions":["0.9.9.1~ubuntu3","0.9.9.1~ubuntu4","0.9.9.1~ubuntu5","0.9.13~exp1ubuntu1","0.9.13~exp1ubuntu2","0.9.13~exp1ubuntu3","0.9.13.1~ubuntu1","0.9.14.1ubuntu1","0.9.14.1ubuntu2","0.9.15.1ubuntu1","0.9.15.4ubuntu1","0.9.15.4ubuntu2","0.9.15.4ubuntu3","0.9.15.4ubuntu4","0.9.15.4ubuntu5","1.0.1ubuntu2","1.0.1ubuntu2.1","1.0.1ubuntu2.3"],"ecosystem_specific":{"binaries":[{"binary_name":"apt","binary_version":"1.0.1ubuntu2.4.1"},{"binary_name":"apt-transport-https","binary_version":"1.0.1ubuntu2.4.1"},{"binary_name":"apt-utils","binary_version":"1.0.1ubuntu2.4.1"},{"binary_name":"libapt-inst1.5","binary_version":"1.0.1ubuntu2.4.1"},{"binary_name":"libapt-pkg4.12","binary_version":"1.0.1ubuntu2.4.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2353-1.json","cves_map":{"cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-6273"}],"ecosystem":"Ubuntu:14.04:LTS"}}}],"schema_version":"1.7.5"}