security flaw in APT
Welcome, Guest.
He could not keep viruses out of Windows! Do you want Bill Gates' MANDATORY Covid-19 Vaccine? Sign this petition!
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -Benjamin Franklin

Author Topic: security flaw in APT  (Read 1173 times)

Offline fchaos

  • Contributor
  • *******
  • Posts: 976
security flaw in APT
« on: January 22, 2019, 08:30:43 PM »
just saw this... seems there could be a serious security flaw in some APT-GET based package managers:
https://thehackernews.com/2019/01/linux-apt-http-hacking.html

Offline RTheren

  • Jr. Member
  • ***
  • Posts: 48
Re: security flaw in APT
« Reply #1 on: January 23, 2019, 05:14:24 AM »
I got updates for APT sooner than I've seen any news about this vulnerability.
There is a way you can enable HTTPS if you want at least.

Offline Spatry

  • Benevolent Dictator
  • Administrator - Sysop
  • **********
  • Posts: 5637
  • Cup of Linux Founder
    • Cup of Linux
Re: security flaw in APT
« Reply #2 on: January 23, 2019, 09:21:21 AM »
Yep! As soon as a vulnerability is identified, the community sends a patch downstream... Try that, Microsoft!
Windows assumes the user is an idiot... Linux DEMANDS Proof!

Offline Will

  • Spatry's Tardis Operator
  • Contributor
  • *******
  • Posts: 498
  • Chronic Distro Hopper
Re: security flaw in APT
« Reply #3 on: January 23, 2019, 06:45:46 PM »
I'm sure I had an apt update yesterday on one of the VMs on my server. Ubuntu 18.04 runs Unifi (Ubiquiti wifi AP), Samba for house and will have some extremely important reasearch documents for my mum in the near future. It's at this point I now get troubled at things like this.
Also the host is Proxmox which is Debian based.

I liked not caring too much about security in the past.
Ryzen 7 2700x, 32GB(3600MHz), 500GB 850 EVO, Sapphire Nitro+ RX 580 + EVGA Geforce GTX 1080 | Gentoo

Offline fchaos

  • Contributor
  • *******
  • Posts: 976
Re: security flaw in APT
« Reply #4 on: January 23, 2019, 09:47:34 PM »
good to hear they are on top of it...

since I don't use an APT version I had no idea, but I figured it might be of interest to those who do.