moin moin, a security flaw was discovered in apt that allows a remote man in the middle attacker to inject a malicious package that will be installed by root. Use '-o Acquire::http::AllowRedirect=false' option for apt tools to disable the redirect that's vulnerable in order to install the updates. Also, use upgrade rather than dist-upgrade or full-upgrade for now to prevent installation of packages that aren't already installed. In fact, perhaps look at the upgrade list and specifically install the apt packages from it. Disabling AllowRedirect has been working for me with both debian and Ubuntu. -- apt -o Acquire::http::AllowRedirect=false update apt -o Acquire::http::AllowRedirect=false upgrade -- https://lists.debian.org/debian-security-announce/2019/msg00010.html ciao, der.hans -- # https://www.LuftHans.com https://www.PhxLinux.org # ... All true wisdom is found on T-shirts. --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss