{"id":"UBUNTU-CVE-2015-1330","details":"unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors.","modified":"2026-01-30T02:01:39.347595Z","published":"2015-06-29T17:00:00Z","related":["USN-2657-1"],"upstream":["CVE-2015-1330"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1330"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2657-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2015-1330"}],"affected":[{"package":{"name":"unattended-upgrades","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/unattended-upgrades@0.82.1ubuntu2.3?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.82.1ubuntu2.3"}]}],"versions":["0.79.3ubuntu8","0.81","0.82","0.82.1ubuntu1","0.82.1ubuntu2","0.82.1ubuntu2.1","0.82.1ubuntu2.2"],"ecosystem_specific":{"binaries":[{"binary_version":"0.82.1ubuntu2.3","binary_name":"unattended-upgrades"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-1330.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"medium"}]}