security: apt redirect bug
Carruth, Rusty
Rusty.Carruth at smartm.com
Wed Jan 23 11:02:30 MST 2019
And if I’m using synaptic, how do I set those options? The only place I’ve found is for setting an internal option…
Oh, wait - how about /etc/apt/apt.conf?
I don’t seem to have one, can I simply create it and put something like:
APT {
Get {
Acquire::http::AllowRedirect “false”;
};
};
And be good?
Rusty
On Tue, Jan 22, 2019 at 10:32 PM Herminio Hernandez, Jr. <herminio.hernandezjr at gmail.com<mailto:herminio.hernandezjr at gmail.com>> wrote:
Thanks Hans!
On Tue, Jan 22, 2019 at 10:08 PM der.hans <PLUGd at lufthans.com<mailto:PLUGd at lufthans.com>> wrote:
moin moin,
a security flaw was discovered in apt that allows a remote man in the
middle attacker to inject a malicious package that will be installed by
root.
Use '-o Acquire::http::AllowRedirect=false' option for apt tools to
disable the redirect that's vulnerable in order to install the updates.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20190123/dc44398e/attachment.html>
More information about the PLUG-discuss
mailing list