<div dir="ltr">Thanks Hans!</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jan 22, 2019 at 10:08 PM der.hans <<a href="mailto:PLUGd@lufthans.com">PLUGd@lufthans.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">moin moin,<br>
<br>
a security flaw was discovered in apt that allows a remote man in the<br>
middle attacker to inject a malicious package that will be installed by<br>
root.<br>
<br>
Use '-o Acquire::http::AllowRedirect=false' option for apt tools to<br>
disable the redirect that's vulnerable in order to install the updates.<br>
<br>
Also, use upgrade rather than dist-upgrade or full-upgrade for now to<br>
prevent installation of packages that aren't already installed.<br>
<br>
In fact, perhaps look at the upgrade list and specifically install the apt<br>
packages from it.<br>
<br>
Disabling AllowRedirect has been working for me with both debian and<br>
Ubuntu.<br>
<br>
--<br>
apt -o Acquire::http::AllowRedirect=false update<br>
apt -o Acquire::http::AllowRedirect=false upgrade<br>
--<br>
<br>
<a href="https://lists.debian.org/debian-security-announce/2019/msg00010.html" rel="noreferrer" target="_blank">https://lists.debian.org/debian-security-announce/2019/msg00010.html</a><br>
<br>
ciao,<br>
<br>
der.hans<br>
-- <br>
# <a href="https://www.LuftHans.com" rel="noreferrer" target="_blank">https://www.LuftHans.com</a> <a href="https://www.PhxLinux.org" rel="noreferrer" target="_blank">https://www.PhxLinux.org</a><br>
# ... All true wisdom is found on T-shirts.<br>
---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss" rel="noreferrer" target="_blank">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></blockquote></div>