Am 23. Jan, 2019 schwätzte Stephen Partington so: > Anyone know if Ubuntu has this update in place? I updated some 18.04 and 16.04 systems last night. I keep security in a seperate file, so I can grab only security updates. cat /etc/apt/sources.list.d/security.list deb http://security.ubuntu.com/ubuntu xenial-security main restricted universe multiverse ciao, der.hans > On Tue, Jan 22, 2019 at 10:32 PM Herminio Hernandez, Jr. < > herminio.hernandezjr@gmail.com> wrote: > >> Thanks Hans! >> >> On Tue, Jan 22, 2019 at 10:08 PM der.hans wrote: >> >>> moin moin, >>> >>> a security flaw was discovered in apt that allows a remote man in the >>> middle attacker to inject a malicious package that will be installed by >>> root. >>> >>> Use '-o Acquire::http::AllowRedirect=false' option for apt tools to >>> disable the redirect that's vulnerable in order to install the updates. >>> >>> Also, use upgrade rather than dist-upgrade or full-upgrade for now to >>> prevent installation of packages that aren't already installed. >>> >>> In fact, perhaps look at the upgrade list and specifically install the apt >>> packages from it. >>> >>> Disabling AllowRedirect has been working for me with both debian and >>> Ubuntu. >>> >>> -- >>> apt -o Acquire::http::AllowRedirect=false update >>> apt -o Acquire::http::AllowRedirect=false upgrade >>> -- >>> >>> https://lists.debian.org/debian-security-announce/2019/msg00010.html >>> >>> ciao, >>> >>> der.hans >>> -- >>> # https://www.LuftHans.com https://www.PhxLinux.org >>> # ... All true wisdom is found on T-shirts. >>> --------------------------------------------------- >>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >>> To subscribe, unsubscribe, or to change your mail settings: >>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss >> >> --------------------------------------------------- >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >> To subscribe, unsubscribe, or to change your mail settings: >> https://lists.phxlinux.org/mailman/listinfo/plug-discuss > > > > -- # https://www.LuftHans.com https://www.PhxLinux.org # Schlie