Security Bug in Linux APT

I’m in the process of testing Whonix (like Tails, but runs in VMs) and saw a major security notice that affects all Debian-based Linux distributions, like Ubuntu and Mint.

Apparently, the redirect wrapper does not sanitize its input, which could allow a man-in-the-middle attack. It’s been patched; to stop the possible redirect and get the new version, use these commands:

apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade

Check your apt version with:

apt -v

Fixed Versions

Debian 9 Stretch – 1.4.9
Ubuntu 18.10 “Cosmic” – 1.7.0ubuntu0.1
Ubuntu 18.04 “Bionic” – 1.6.6ubuntu0.1
Ubuntu 16.04 “Xenial” – 1.2.29ubuntu0.1
Ubuntu 14.04 “Trusty” – 1.0.1ubuntu2.19
Mint 18 is Ubuntu 16.04 ‘Xenial’.
Mint 19 is Ubuntu 18.04 ‘Bionic’.
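
To compare an installed apt against the fixed versions listed above, a small script can do the lookup. This is an added example, not part of the original post; the function names and the --host argument are made up here, and the sort -V fallback is only an approximation for machines without dpkg.

```shell
#!/bin/sh
# Fixed apt version per release codename, taken from the list above.
fixed_apt_version() {
    case "$1" in
        stretch) echo "1.4.9" ;;
        cosmic)  echo "1.7.0ubuntu0.1" ;;
        bionic)  echo "1.6.6ubuntu0.1" ;;   # also Mint 19
        xenial)  echo "1.2.29ubuntu0.1" ;;  # also Mint 18
        trusty)  echo "1.0.1ubuntu2.19" ;;
        *)       return 1 ;;
    esac
}

# True when version $1 >= version $2.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Approximation for hosts without dpkg (e.g. an audit workstation).
        [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n 1)" = "$2" ]
    fi
}

# apt_status CODENAME INSTALLED_VERSION
# Prints a verdict; returns 0 = patched, 1 = vulnerable, 2 = release not listed.
apt_status() {
    want=$(fixed_apt_version "$1") || { echo "unknown release: $1"; return 2; }
    if version_ge "$2" "$want"; then
        echo "patched: apt $2 >= $want ($1)"
    else
        echo "VULNERABLE: apt $2 < $want ($1)"
        return 1
    fi
}

# Look up this machine's release and apt version (assumes a Debian-based host).
check_this_host() {
    [ -r /etc/os-release ] && . /etc/os-release
    # Mint and newer Ubuntu set UBUNTU_CODENAME; otherwise ask lsb_release.
    codename=${UBUNTU_CODENAME:-$(lsb_release -cs)}
    apt_status "$codename" "$(dpkg-query -W -f='${Version}' apt)"
}

# Run against the local machine only when asked: sh check-apt.sh --host
if [ "${1:-}" = "--host" ]; then check_this_host; fi
```

A "VULNERABLE" result means the upgrade commands above still need to be run on that machine.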

More Reading

https://justi.cz/security/2019/01/22/apt-rce.html
https://www.zdnet.com/article/nasty-security-bug-found-and-fixed-in-linux-apt/
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1812353
https://lists.debian.org/debian-security-announce/2019/msg00010.html
