RE: security: apt redirect bug

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M\der.hans at <-
MM 
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Carruth, Rusty
Date:  
To: Main PLUG discussion list
Subject: RE: security: apt redirect bug
And if I’m using synaptic, how do I set those options? The only place I’ve found is for setting an internal option…

Oh, wait - how about /etc/apt/apt.conf?

I don’t seem to have one, can I simply create it and put something like:

APT {
  Get {
         Acquire::http::AllowRedirect “false”;
  };
};

And be good?




Rusty

On Tue, Jan 22, 2019 at 10:32 PM Herminio Hernandez, Jr. <<mailto:herminio.hernandezjr@gmail.com>> wrote:
Thanks Hans!

On Tue, Jan 22, 2019 at 10:08 PM der.hans <<mailto:PLUGd@lufthans.com>> wrote:
moin moin,

a security flaw was discovered in apt that allows a remote man in the
middle attacker to inject a malicious package that will be installed by
root.

Use '-o Acquire::http::AllowRedirect=false' option for apt tools to
disable the redirect that's vulnerable in order to install the updates.

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: security: apt redirect bugrsync permission denied->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)