Vulnerability in APT allows arbitrary code execution

Discussion in 'all things UNIX' started by BoerenkoolMetWorst, Dec 19, 2016.

  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    https://lwn.net/Articles/709119/

    https://security-tracker.debian.org/tracker/CVE-2016-1252
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Debian is pushing apt-transport-https now. Without it, jessie won't even update.
     
  3. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,870
    Stupid idea by Debian.

    Chances of a remote hack are as likely as Russians hacking the American election.

    This obsession with theoretical exploits is crippling the Linux desktop.
     
  4. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    @mirimir

    Cool, have now set up HTTPS transport in Stretch. This has been a long time coming IMO. Are there HTTPS mirrors available for debian-security?

    @NormanF

    "It's always too much security, until it isn't enough."

    Approaching security defensively was ruinous for Windows, and would be no different for Linux. I'm very glad to see Linux devs taking a more active approach.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I don't know. I just ran into it because the MPTCP repo is HTTPS by default.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.