Thanks Hans!

On Tue, Jan 22, 2019 at 10:08 PM der.hans <PLUGd@lufthans.com> wrote:

> moin moin,
>
> a security flaw was discovered in apt that allows a remote man in the
> middle attacker to inject a malicious package that will be installed by
> root.
>
> Use '-o Acquire::http::AllowRedirect=false' option for apt tools to
> disable the redirect that's vulnerable in order to install the updates.
>
> Also, use upgrade rather than dist-upgrade or full-upgrade for now to
> prevent installation of packages that aren't already installed.
>
> In fact, perhaps look at the upgrade list and specifically install the apt
> packages from it.
>
> Disabling AllowRedirect has been working for me with both debian and
> Ubuntu.
>
> --
>   apt -o Acquire::http::AllowRedirect=false update
>   apt -o Acquire::http::AllowRedirect=false upgrade
> --
>
> https://lists.debian.org/debian-security-announce/2019/msg00010.html
>
> ciao,
>
> der.hans
> --
> #  https://www.LuftHans.com   https://www.PhxLinux.org
> #  ... All true wisdom is found on T-shirts.
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss