Details

Ansgar Burchardt discovered that APT incorrectly handled InRelease files.

If a remote attacker were able to perform a man-in-the-middle attack, this

flaw could potentially be used to install altered packages.

This update corrects the issue by disabling InRelease file support

completely. Please note that this update breaks third-party repositories

that provide only a InRelease file and no separate Release and Release.gpg

files. The default Ubuntu repositories do not use InRelease files.