Debian/Ubuntu security apt phun
- Subject: Debian/Ubuntu security apt phun
- From: guninski at guninski.com (Georgi Guninski)
- Date: Wed, 14 Dec 2016 19:06:57 +0200
Debian/Ubuntu security apt phun
https://www.ubuntu.com/usn/usn-3156-1/
13th December, 2016
An attacker could trick APT into installing altered packages.
https://www.debian.org/security/2016/dsa-3733
can take advantage of this flaw to circumvent the signature of the InRelease file, leading to arbitrary code execution.
Likely besides the NSA, others enjoyed this too (have seen multi user
Debian mirror with world writable stuff at /etc)
And how do you update apt if it is broken? ;)