Debian/Ubuntu security apt phun
Georgi Guninski
guninski at guninski.com
Wed Dec 14 09:06:57 PST 2016
Debian/Ubuntu security apt phun
https://www.ubuntu.com/usn/usn-3156-1/
13th December, 2016
An attacker could trick APT into installing altered packages.
https://www.debian.org/security/2016/dsa-3733
can take advantage of this flaw to circumvent the signature of the InRelease file, leading to arbitrary code execution.
Likely besides the nsa, others enjoyed this too (have seen multi user
debian mirror with world writable stuff at /etc)
And how do you update apt if it is broken? ;)
More information about the cypherpunks
mailing list