Anyone know if Ubuntu has this update in place? On Tue, Jan 22, 2019 at 10:32 PM Herminio Hernandez, Jr. < herminio.hernandezjr@gmail.com> wrote: > Thanks Hans! > > On Tue, Jan 22, 2019 at 10:08 PM der.hans wrote: > >> moin moin, >> >> a security flaw was discovered in apt that allows a remote man in the >> middle attacker to inject a malicious package that will be installed by >> root. >> >> Use '-o Acquire::http::AllowRedirect=false' option for apt tools to >> disable the redirect that's vulnerable in order to install the updates. >> >> Also, use upgrade rather than dist-upgrade or full-upgrade for now to >> prevent installation of packages that aren't already installed. >> >> In fact, perhaps look at the upgrade list and specifically install the apt >> packages from it. >> >> Disabling AllowRedirect has been working for me with both debian and >> Ubuntu. >> >> -- >> apt -o Acquire::http::AllowRedirect=false update >> apt -o Acquire::http::AllowRedirect=false upgrade >> -- >> >> https://lists.debian.org/debian-security-announce/2019/msg00010.html >> >> ciao, >> >> der.hans >> -- >> # https://www.LuftHans.com https://www.PhxLinux.org >> # ... All true wisdom is found on T-shirts. >> --------------------------------------------------- >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >> To subscribe, unsubscribe, or to change your mail settings: >> https://lists.phxlinux.org/mailman/listinfo/plug-discuss > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss -- A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button. Stephen