Debian 8 Jessie: DLA-1637-1 Moderate: APT Man-In-The-Middle Threat
debian lts
January 22, 2019
Max Justicz discovered a vulnerability in APT, the high level package manager
Summary
apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade
This is known to break some proxies when used against security.debian.org. If
that happens, people can switch their security APT source to use:
deb stable/updates main
For Debian 8 "Jessie", this problem has been fixed in version
1.0.9.8.5.
We recommend that you upgrade your apt packages.
Specific upgrade instructions:
If upgrading using APT without redirect is not possible in your situation, you
can manually download the files (using wget/curl) for your architecture using
the URL provided below, verifying that the hashes match. Then you can install
them using dpkg -i.
Architecture independent files:
Size/SHA256 checksum: 301106 47df9567e45fadcd2a56c0fd3d514d8136f2f206aa7baa47405c6fcb94824ab6
Size/SHA256 checksum: 750506 ce79b2ef272716b8da11f3fd0497ce0b7ee69c9c66d01669e8abbbfdde5e6256
amd64 architecture:
PREVIOUS
NEXT
<pre><font face="Courier">Package: apt
Version: 1.0.9.8.5
CVE ID: CVE-2019-3462
Debian Bug:
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!