security: apt redirect bug

Page principale
Ce message fait partie du fil suivant :
MArborescence complète du fil triée par date
M 
M\Herminio Hernandez, Jr. à ->
Attachements:
Message en tant que courrier électronique
+ (text/plain)
Supprimer ce message
Répondre à ce message
Auteur: der.hans
Date:  
À: quatsch
Sujet: security: apt redirect bug
moin moin,

a security flaw was discovered in apt that allows a remote man in the
middle attacker to inject a malicious package that will be installed by
root.

Use '-o Acquire::http::AllowRedirect=false' option for apt tools to
disable the redirect that's vulnerable in order to install the updates.

Also, use upgrade rather than dist-upgrade or full-upgrade for now to
prevent installation of packages that aren't already installed.

In fact, perhaps look at the upgrade list and specifically install the apt
packages from it.

Disabling AllowRedirect has been working for me with both debian and
Ubuntu.

--
apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade
--

https://lists.debian.org/debian-security-announce/2019/msg00010.html

ciao,

der.hans
--
# https://www.LuftHans.com https://www.PhxLinux.org
# ... All true wisdom is found on T-shirts.
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Ce message a été envoyé sur les listes de diffusion suivantes :
Plug Discuss
Informations sur la liste de diffusion | Messages voisins		<-Re: irc channelRe: security: apt redirect bug->
Some Mailing List Archive administré par UnconfiguredLurker (version 2.3)