Debian/Ubuntu security apt phun
Razer
rayzer at riseup.net
Wed Dec 14 09:50:14 PST 2016
On 12/14/2016 09:06 AM, Georgi Guninski wrote:
> Debian/Ubuntu security apt phun
>
> https://www.ubuntu.com/usn/usn-3156-1/
> 13th December, 2016
> An attacker could trick APT into installing altered packages.
>
> https://www.debian.org/security/2016/dsa-3733
> can take advantage of this flaw to circumvent the signature of the InRelease file, leading to arbitrary code execution.
>
> Likely besides the nsa, others enjoyed this too (have seen multi user
> debian mirror with world writable stuff at /etc)
>
> And how do you update apt if it is broken? ;)
Download the .deb package and install. Assuming ofc apt IS installable
from a .deb file...IDK.
Rr
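
Added example, not part of the original message: one way to do the manual install suggested above while still checking the package, since `dpkg -i` does not consult the archive's InRelease signature. The function names, the `DRY_RUN` switch and the source of the expected digest are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: verify a manually downloaded .deb before handing it to dpkg.
# The expected SHA-256 must come from a channel trusted independently of the
# apt being replaced (assumption: e.g. a Packages index whose Release
# signature was checked with gpgv directly rather than through apt).

# sha256_of FILE -> prints the lowercase hex SHA-256 of FILE
sha256_of() {
    sha256sum -- "$1" | cut -d' ' -f1
}

# deb_matches FILE EXPECTED -> 0 on match, 1 on mismatch, 2 on bad input
deb_matches() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # Reject anything that is not exactly 64 hex characters.
    case $expected in
        *[!0-9a-f]*|'') echo "malformed expected digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed expected digest" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 1
    fi
    return 0
}

# install_verified_deb FILE EXPECTED -> runs dpkg only after the check passes.
# Set DRY_RUN=1 to print the dpkg command instead of running it.
install_verified_deb() {
    deb_matches "$1" "$2" || return $?
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "dpkg -i $1"
    else
        dpkg -i "$1"
    fi
}
```

Call it as `install_verified_deb ./apt_<version>_<arch>.deb <sha256>`; the file name and digest here are placeholders to be filled from the trusted source.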