14 Dec
2016
14 Dec
'16
5:50 p.m.
On 12/14/2016 09:06 AM, Georgi Guninski wrote:
Debian/Ubuntu security apt phun
https://www.ubuntu.com/usn/usn-3156-1/ 13th December, 2016 An attacker could trick APT into installing altered packages.
https://www.debian.org/security/2016/dsa-3733 can take advantage of this flaw to circumvent the signature of the InRelease file, leading to arbitrary code execution.
Likely besides the nsa, others enjoyed this too (have seen multi user debian mirror with world writable stuff at /etc)
And how do you update apt if it is broken? ;)
Download the .deb package and install. Assuming ofc apt IS installable from a .deb file...IDK. Rr