LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Bodhi
Reload this Page apt bug fixed
User Name
Password
Bodhi This forum is for the discussion of Bodhi Linux.

Notices


Reply
  Search this Thread
Old 01-23-2019, 02:10 PM   #1
hemlocktree
Member
 
Registered: Aug 2018
Posts: 719

Rep: Reputation: 311Reputation: 311Reputation: 311Reputation: 311
apt bug fixed

https://www.zdnet.com/article/nasty-...tag=RSSbaffb68

maybe useful for stefan and ylee, et al
 
Old 01-24-2019, 10:35 AM   #2
the_waiter
Bodhi Developer
 
Registered: Jun 2018
Location: Banská Bystrica, Slovakia
Distribution: Bodhi Linux
Posts: 864

Rep: Reputation: 665Reputation: 665Reputation: 665Reputation: 665Reputation: 665Reputation: 665
OK, I will look later, thx
 
1 members found this post helpful.
Old 01-27-2019, 04:45 AM   #3
cordx
Member
 
Registered: Oct 2018
Location: texas
Distribution: bodhi 5.1.0
Posts: 797

Rep: Reputation: 184Reputation: 184
interesting read. thanks for the share.

i am by no means any kind of security expert, but thought this was an important paragraph:

He also pointed out that, "By default, Debian and Ubuntu both use plain http repositories out of the box." While there's heated debate over whether the more secure https actually improved apt security, Justicz knows his position: "I wouldn't have been able to exploit the Dockerfile at the top of this post if the default package servers had been using https."

especially in a day and age when https has come to be fairly universal.
 
Old 01-27-2019, 12:24 PM   #4
rbtylee
Bodhi Developer
 
Registered: Jun 2018
Location: Ladson, SC US
Distribution: Bodhi
Posts: 455

Rep: Reputation: 437Reputation: 437Reputation: 437Reputation: 437Reputation: 437
Not been ignoring this just busy. Always lots of security vulnerabilities ...

Anyways for the record this has been patched in our Ubuntu base:

Code:
apt (1.6.6ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: content injection in http method (CVE-2019-3462)
    (LP: #1812353)

 -- Julian Andres Klode <juliank@ubuntu.com>  Fri, 18 Jan 2019 11:39:50 +0100
It is up to you if you wish to disable redirects as the Debian security team recommends. peace
 
1 members found this post helpful.
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Microsoft thinks it's fixed Windows Server mess its last fix 'fixed' LXer Syndicated Linux News 0 06-06-2016 05:30 AM
Bug in 8.04, fixed in 8.10 - How to get fixed in 8.04 which is LTS? taylorkh Ubuntu 4 02-28-2009 05:17 PM
apt pinning /etc/apt/apt.conf parent's_basement Debian 5 10-26-2008 05:50 PM
Using 9.2 can this bug be fixed. barrys Mandriva 3 09-25-2003 06:28 AM
up2date bug fixed: New up2date avail. with updated SSL certificate authority file dkaplowitz Red Hat 2 09-04-2003 05:05 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Bodhi

All times are GMT -5. The time now is 05:42 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration