CVE-2014-0489
EPSS 0.69%
Description
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.
How to fix CVE-2014-0489
To remediate CVE-2014-0489, upgrade the affected package to the fixed version listed below.
- Debian/apt: upgrade to 1.0.9 or later
Is CVE-2014-0489 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.0.9