Joined: 9 Jun 02
Disable redirects before applying update
$ sudo apt update -o Acquire::http::AllowRedirect=false $ sudo apt upgrade -o Acquire::http::AllowRedirect=false
The Debian Project has patched a security flaw in its software manager Apt that can be exploited by network snoops to execute commands as root on victims' boxes as they update or install packages.
The Linux distro's curators have pushed out an fix to address CVE-2019-3462, a vulnerability uncovered and reported by researcher Max Justicz.
The flaw is related to the way Apt and apt-get handle HTTP redirects when downloading packages. Apt fetches packages over plain-old HTTP, rather than a more secure HTTPS connection, and uses cryptographic signatures to check whether the downloaded contents are legit and haven't been tampered with.
Joined: 29 Apr 01
Already received an update for that CVE on Ubuntu 18.04 LTS today.
Seti@Home classic workunits:20,676 CPU time:74,226 hours
©2019 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.