Secuity Bug in Linux APT

I’m in the process of testing Whonix ( like tails but runs in VMs) and saw a major security notice that affects all Debian based Linux like Ubuntu and Mint.

Apparently, the redirect wrapper does not sanitize the input and could allow a man in the middle attack. It’s been patched, so to stop the possible redirect and get the new version using these commands:

apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade

Check your apt version with:

apt -v
Fixed Versions

Debian 9 Stretch – 1.4.9
Ubuntu 18.10 “Cosmic” – 1.7.0ubuntu0.1
Ubuntu 18.04 “Bionic” – 1.6.6ubuntu0.1
Ubuntu 16.04 “Xenial” – 1.2.29ubuntu0.1
Ubuntu 14.04 “Trusty” – 1.0.1ubuntu2.19
Mint 18 is Ubuntu 16.04 ‘Xenial’.
Mint 19 is Ubuntu 18.04 ‘Bionic’.

More Reading


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.