[Trisquel-users] APT security issue

interxorler at riseup.net interxorler at riseup.net
Sun Feb 3 23:34:05 CET 2019


I was just about to ask the same question, and noticed you beat me to it. =)

On the Debian website a vulnerability in apt, DSA-4371, has been found.  
https://www.debian.org/security/2019/dsa-4371

“To disable redirects in order to prevent exploitation during this
upgrade,” the Debian website recommends that people use these commands:

apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade

My current version of apt is 1.2.29. It seems like this vulnerability has  
been fixed in apt 1.4.9. I would just like to no longer be vulnerable to this  
“man-in-the-middle” attack. How should we, as Trisquel users, upgrade apt  
to no longer be vulnerable?

Is it safe to do the commands above and then just do $sudo apt-get update  
normally? Or is there a safer way to do so, such as manually downloading the  
files with wget/curl, verifying the hashes match, and installing them with  
dpkg -i?

I'm not sure how to go about an apt upgrade on Trisquel in a relatively safe  
way. Thanks in advance for any advice/instructions. :)
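
The manual check the message asks about (download the .deb, compare hashes, then dpkg -i), as an added example that is not part of the original post. It compares a downloaded file with the SHA256 field of its stanza in an APT Packages index; the function names packages_sha256 and verify_deb are hypothetical, and the index is assumed to have been checked already against the repository's GPG-signed Release/InRelease file.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumption: the Packages index passed in was itself already checked against
# the repository's GPG-signed Release/InRelease file.

# Print the SHA256 field of the index stanza for a given package and version.
packages_sha256() {   # $1 = Packages index, $2 = package name, $3 = version
    awk -v pkg="$2" -v ver="$3" '
        BEGIN { RS = ""; FS = "\n" }   # one stanza per record, one line per field
        {
            name = ""; version = ""; sum = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^Package: /)      name = substr($i, 10)
                else if ($i ~ /^Version: /) version = substr($i, 10)
                else if ($i ~ /^SHA256: /)  sum = substr($i, 9)
            }
            if (name == pkg && version == ver) { print sum; exit }
        }' "$1"
}

# Return 0 if the file matches the index, 1 on mismatch, 2 if no stanza exists.
verify_deb() {        # $1 = .deb file, $2 = Packages index, $3 = package, $4 = version
    expected=$(packages_sha256 "$2" "$3" "$4")
    if [ -z "$expected" ]; then
        echo "no index entry for $3 $4" >&2
        return 2
    fi
    actual=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $1 matches the index entry for $3 $4"
    else
        echo "MISMATCH: $1 expected $expected got $actual" >&2
        return 1
    fi
}

# Usage: sh verify-deb.sh FILE.deb Packages PACKAGE VERSION
# Run dpkg -i on the file only after this exits 0.
if [ "$#" -eq 4 ]; then
    verify_deb "$@"
fi
```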

