security: apt redirect bug
Herminio Hernandez, Jr.
herminio.hernandezjr at gmail.com
Tue Jan 22 22:32:00 MST 2019
Thanks Hans!
On Tue, Jan 22, 2019 at 10:08 PM der.hans <PLUGd at lufthans.com> wrote:
> moin moin,
>
> a security flaw was discovered in apt that allows a remote man in the
> middle attacker to inject a malicious package that will be installed by
> root.
>
> Use '-o Acquire::http::AllowRedirect=false' option for apt tools to
> disable the redirect that's vulnerable in order to install the updates.
>
> Also, use upgrade rather than dist-upgrade or full-upgrade for now to
> prevent installation of packages that aren't already installed.
>
> In fact, perhaps look at the upgrade list and specifically install the apt
> packages from it.
>
> Disabling AllowRedirect has been working for me with both debian and
> Ubuntu.
>
> --
> apt -o Acquire::http::AllowRedirect=false update
> apt -o Acquire::http::AllowRedirect=false upgrade
> --
>
> https://lists.debian.org/debian-security-announce/2019/msg00010.html
>
> ciao,
>
> der.hans
> --
> # https://www.LuftHans.com https://www.PhxLinux.org
> # ... All true wisdom is found on T-shirts.
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20190122/518def06/attachment.html>
More information about the PLUG-discuss
mailing list