Thanks Hans!

On Tue, Jan 22, 2019 at 10:08 PM der.hans wrote:

> moin moin,
>
> a security flaw was discovered in apt that allows a remote man in the
> middle attacker to inject a malicious package that will be installed by
> root.
>
> Use '-o Acquire::http::AllowRedirect=false' option for apt tools to
> disable the redirect that's vulnerable in order to install the updates.
>
> Also, use upgrade rather than dist-upgrade or full-upgrade for now to
> prevent installation of packages that aren't already installed.
>
> In fact, perhaps look at the upgrade list and specifically install the apt
> packages from it.
>
> Disabling AllowRedirect has been working for me with both debian and
> Ubuntu.
>
> --
> apt -o Acquire::http::AllowRedirect=false update
> apt -o Acquire::http::AllowRedirect=false upgrade
> --
>
> https://lists.debian.org/debian-security-announce/2019/msg00010.html
>
> ciao,
>
> der.hans
> --
> # https://www.LuftHans.com https://www.PhxLinux.org
> # ... All true wisdom is found on T-shirts.
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
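
The quoted suggestion to look at the upgrade list and install only the apt packages from it, as an added example that is not part of the original thread: the script filters `apt list --upgradable` output and prints the matching install command with the redirect option from the post. The function names, the name pattern used for "the apt packages" and the sample listing (with made-up versions) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Option string quoted in the post: disables HTTP redirects in apt.
NO_REDIRECT='-o Acquire::http::AllowRedirect=false'

# Constructed sample of `apt list --upgradable` output; versions are made up.
sample_upgradable() {
cat <<'EOF'
Listing... Done
apt/stable 0.0.2 amd64 [upgradable from: 0.0.1]
apt-utils/stable 0.0.2 amd64 [upgradable from: 0.0.1]
libapt-pkg5.0/stable 0.0.2 amd64 [upgradable from: 0.0.1]
aptitude/stable 0.0.2 amd64 [upgradable from: 0.0.1]
openssl/stable 0.0.2 amd64 [upgradable from: 0.0.1]
EOF
}

# Read an upgrade list on stdin and print the apt packages, one per line.
# Assumption: "the apt packages" means apt, apt-<suffix> and libapt-<suffix>;
# look-alikes such as aptitude are deliberately not matched.
apt_family() {
    awk -F/ 'NF > 1 && $1 ~ /^(apt|apt-[a-z-]+|libapt-[a-z0-9.-]+)$/ { print $1 }'
}

# Print (never run) the command that upgrades only those packages.
# --only-upgrade makes apt skip any named package that is not already installed.
build_cmd() {
    pkgs=$(apt_family | LC_ALL=C sort -u | tr '\n' ' ')
    pkgs=${pkgs% }                      # drop the trailing separator
    if [ -z "$pkgs" ]; then
        echo "no apt packages in the upgrade list" >&2
        return 1
    fi
    printf 'apt %s install --only-upgrade %s\n' "$NO_REDIRECT" "$pkgs"
}

# Demo on the constructed sample. On a real host, after
#   apt -o Acquire::http::AllowRedirect=false update
# feed the live list instead:  apt list --upgradable 2>/dev/null | build_cmd
sample_upgradable | build_cmd
```

Review the printed command before running it as root; the remaining packages can then be handled with the `upgrade` command from the post.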