APT vulnerability

For interesting topics. But remember this is a Linux Forum. Do not post offensive topics that are meant to cause trouble with other members or are derogatory towards people of different genders, race, color, minors (this includes nudity and sex), politics or religion. Let's try to keep peace among the community and for visitors.

No spam on this or any other forums please! If you post advertisements on these forums, your account may be deleted.

Do not copy and paste entire or even up to half of someone else's words or articles into posts. Post only a few sentences or a paragraph and make sure to include a link back to original words or article. Otherwise it's copyright infringement.

You can talk about other distros here, but no MX bashing. You can email the developers of MX if you just want to say you dislike or hate MX.
Post Reply
Message
Author
User avatar
mmikeinsantarosa
Developer
Posts: 2243
Joined: Thu May 01, 2014 10:12 am

APT vulnerability

#1 Post by mmikeinsantarosa »

anybody else see this? Debian Security Advisory

- mike
LT: MX19.1 Quad Core model: Intel Core i7-6820HQ Kernel: 5.0.0-7.1-liquorix-amd64 x86_64
Top
User avatar
Eadwine Rose
Administrator
Posts: 14470
Joined: Wed Jul 12, 2006 2:10 am

Re: APT vulnerability

#2 Post by Eadwine Rose »

Is it this? viewtopic.php?f=97&t=48093&p=480883
MX-23.6_x64 July 31 2023 * 6.1.0-34amd64 ext4 Xfce 4.20.0 * 8-core AMD Ryzen 7 2700
Asus TUF B450-Plus Gaming UEFI * Asus GTX 1050 Ti Nvidia 535.216.01 * 2x16Gb DDR4 2666 Kingston HyperX Predator
Samsung 870EVO * Samsung S24D330 & P2250 * HP Envy 5030
Top
User avatar
dolphin_oracle
Developer
Posts: 22074
Joined: Sun Dec 16, 2007 12:17 pm

Re: APT vulnerability

#3 Post by dolphin_oracle »

and already patched last nite I believe. You should see apt in your updates.
http://www.youtube.com/runwiththedolphin
lenovo ThinkPad X1 Extreme Gen 4 - MX-23
FYI: mx "test" repo is not the same thing as debian testing repo.
Top
philotux
Posts: 280
Joined: Sun Apr 22, 2018 12:57 pm

Re: APT vulnerability

#4 Post by philotux »

I did the updates yesterday when they came through Synaptic. I wasn't then aware of the need to do

Code: Select all

apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade
should I now remove those packages and run these codes and reinstall?
Top
User avatar
dolphin_oracle
Developer
Posts: 22074
Joined: Sun Dec 16, 2007 12:17 pm

Re: APT vulnerability

#5 Post by dolphin_oracle »

philotux wrote: Wed Jan 23, 2019 8:52 am I did the updates yesterday when they came through Synaptic. I wasn't then aware of the need to do

Code: Select all

apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade
should I now remove those packages and run these codes and reinstall?
I think its already done.

The suggestion from debian was to avoid man-in-the-middle attacks while doing the update. Once the update is done, you're done. The suggestion is a little cautious to do the manual disable of AllowRedirect, even if its technically a correct suggestion.
http://www.youtube.com/runwiththedolphin
lenovo ThinkPad X1 Extreme Gen 4 - MX-23
FYI: mx "test" repo is not the same thing as debian testing repo.
Top
philotux
Posts: 280
Joined: Sun Apr 22, 2018 12:57 pm

Re: APT vulnerability

#6 Post by philotux »

All is well then. Thanks!
Top
User avatar
mmikeinsantarosa
Developer
Posts: 2243
Joined: Thu May 01, 2014 10:12 am

Re: APT vulnerability

#7 Post by mmikeinsantarosa »

thanks. I missed the other post.
LT: MX19.1 Quad Core model: Intel Core i7-6820HQ Kernel: 5.0.0-7.1-liquorix-amd64 x86_64
Top
User avatar
sdibaja
Posts: 47
Joined: Fri May 25, 2018 9:55 pm

Re: APT vulnerability

#8 Post by sdibaja »

the patch was published (in Debian) and we were able to update before the press release was made.
...


I assume MX has those updates also, but not really sure.
Peter E.
Baja California, Mexico.
Top
User avatar
kmathern
Developer
Posts: 2511
Joined: Wed Jul 12, 2006 2:26 pm

Re: APT vulnerability

#9 Post by kmathern »

philotux wrote: Wed Jan 23, 2019 8:52 am I did the updates yesterday when they came through Synaptic. I wasn't then aware of the need to do

Code: Select all

apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade
should I now remove those packages and run these codes and reinstall?
You can't really remove and reinstall them because removing them results in the removal of most of the other package management tools too including synaptic, gdebi & aptitude which will make it difficult to reinstall things. (you might be able to reinstall the packages with dpkg)
Top
philotux
Posts: 280
Joined: Sun Apr 22, 2018 12:57 pm

Re: APT vulnerability

#10 Post by philotux »

kmathern wrote: Wed Jan 23, 2019 9:12 am You can't really remove and reinstall them because removing them results in the removal of most of the other package management tools too including synaptic, gdebi & aptitude which will make it difficult to reinstall things. (you might be able to reinstall the packages with dpkg)
Thank's for this! I had no idea!
Top
Post Reply

Return to “General”