APT vulnerability

Posted: Wed Jan 23, 2019 8:38 am
by mmikeinsantarosa
Anybody else see this? Debian Security Advisory

- mike

Re: APT vulnerability

Posted: Wed Jan 23, 2019 8:50 am
by Eadwine Rose

Re: APT vulnerability

Posted: Wed Jan 23, 2019 8:51 am
by dolphin_oracle
And already patched last night, I believe. You should see apt in your updates.

Re: APT vulnerability

Posted: Wed Jan 23, 2019 8:52 am
by philotux
I did the updates yesterday when they came through Synaptic. I wasn't then aware of the need to do

Code:

apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade
Should I now remove those packages and run these codes and reinstall?

Re: APT vulnerability

Posted: Wed Jan 23, 2019 8:57 am
by dolphin_oracle
philotux wrote: Wed Jan 23, 2019 8:52 am I did the updates yesterday when they came through Synaptic. I wasn't then aware of the need to do

Code:

apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade
should I now remove those packages and run these codes and reinstall?
I think it's already done.

The suggestion from Debian was to avoid man-in-the-middle attacks while doing the update. Once the update is done, you're done. The suggestion is a little cautious to do the manual disable of AllowRedirect, even if it's technically a correct suggestion.

Re: APT vulnerability

Posted: Wed Jan 23, 2019 9:00 am
by philotux
All is well then. Thanks!

Re: APT vulnerability

Posted: Wed Jan 23, 2019 9:05 am
by mmikeinsantarosa
Thanks. I missed the other post.

Re: APT vulnerability

Posted: Wed Jan 23, 2019 9:10 am
by sdibaja
The patch was published (in Debian) and we were able to update before the press release was made.
...


I assume MX has those updates also, but not really sure.

Re: APT vulnerability

Posted: Wed Jan 23, 2019 9:12 am
by kmathern
philotux wrote: Wed Jan 23, 2019 8:52 am I did the updates yesterday when they came through Synaptic. I wasn't then aware of the need to do

Code:

apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade
should I now remove those packages and run these codes and reinstall?
You can't really remove and reinstall them because removing them results in the removal of most of the other package management tools too, including synaptic, gdebi & aptitude, which will make it difficult to reinstall things. (You might be able to reinstall the packages with dpkg.)

Re: APT vulnerability

Posted: Wed Jan 23, 2019 9:17 am
by philotux
kmathern wrote: Wed Jan 23, 2019 9:12 am You can't really remove and reinstall them because removing them results in the removal of most of the other package management tools too including synaptic, gdebi & aptitude which will make it difficult to reinstall things. (you might be able to reinstall the packages with dpkg)
Thanks for this! I had no idea!