And if I’m using synaptic, how do I set those options?  The only place I’ve found is for setting an internal option…

 

Oh, wait - how about /etc/apt/apt.conf? 

 

I don’t seem to have one, can I simply create it and put something like:

 

APT {

  Get {

         Acquire::http::AllowRedirect “false”;

  };

};

 

And be good?

 

 

 

 

Rusty

 

On Tue, Jan 22, 2019 at 10:32 PM Herminio Hernandez, Jr. <herminio.hernandezjr@gmail.com> wrote:

Thanks Hans!

 

On Tue, Jan 22, 2019 at 10:08 PM der.hans <PLUGd@lufthans.com> wrote:

moin moin,

a security flaw was discovered in apt that allows a remote man in the
middle attacker to inject a malicious package that will be installed by
root.

Use '-o Acquire::http::AllowRedirect=false' option for apt tools to
disable the redirect that's vulnerable in order to install the updates.