20 votes

Remote Code Execution in apt/apt-get

4 comments

  1. Crestwave (edited ) Link
    This is quite timely, with the recent discussions on whether apt should use HTTPS; HTTP allows other users on your network to exploit this vulnerability. It has already been fixed in Debian;...

    This is quite timely, with the recent discussions on whether apt should use HTTPS; HTTP allows other users on your network to exploit this vulnerability.

    It has already been fixed in Debian; please see https://lists.debian.org/debian-security-announce/2019/msg00010.html before updating.

    7 votes
  2. [3]
    Emerald_Knight Link
    Crazy little vulnerability here. My servers were running a bit out of date and would be affected by this. Just rolled out updates to avoid having this bite me in the ass later. Thanks for sharing...

    Crazy little vulnerability here. My servers were running a bit out of date and would be affected by this. Just rolled out updates to avoid having this bite me in the ass later.

    Thanks for sharing this!

    2 votes