Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems

Report Bugs, Issues and non- package Requests
Post Reply
Message
Author
User avatar
colin_b
Posts: 452
Joined: Sun Mar 19, 2017 7:21 pm

Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems

#1 Post by colin_b »

https://thehackernews.com/2019/01/linux ... cking.html
Since APT is being used by many major Linux distributions including Debian and Ubuntu, who have also acknowledged and released security patches for the vulnerability, it is highly recommended for Linux users to update their systems as soon as possible.

User avatar
anticapitalista
Developer
Posts: 4160
Joined: Sat Jul 15, 2006 10:40 am

Re: Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems

#2 Post by anticapitalista »

Already fixed in Debian stretch update.
anticapitalista
Reg. linux user #395339.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - lean and mean.
https://antixlinux.com

philotux
Posts: 280
Joined: Sun Apr 22, 2018 12:57 pm

Re: Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems

#3 Post by philotux »

I had the following updates today:

Code: Select all

Upgraded the following packages:
apt (1.4.8) to 1.4.9
apt-transport-https (1.4.8) to 1.4.9
apt-utils (1.4.8) to 1.4.9
libapt-inst2.0 (1.4.8) to 1.4.9
libapt-pkg5.0 (1.4.8) to 1.4.9
So I suppose these are the patched ones.

skidoo
Posts: 753
Joined: Tue Sep 22, 2015 6:56 pm

Re: Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems

#4 Post by skidoo »

If you're wondering/supposing, you can visit https://packages.debian.org and type in the packagename. When viewing the info page for any package, the right column of the webpage includes links to read "changelong", "bugtracker" etc related to the package.

philotux
Posts: 280
Joined: Sun Apr 22, 2018 12:57 pm

Re: Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems

#5 Post by philotux »

skidoo wrote: Tue Jan 22, 2019 2:40 pm If you're wondering/supposing, you can visit https://packages.debian.org and type in the packagename. When viewing the info page for any package, the right column of the webpage includes links to read "changelong", "bugtracker" etc related to the package.
Great!
Thanks for the info!


User avatar
BitJam
Developer
Posts: 2283
Joined: Sat Aug 22, 2009 11:36 pm

Re: Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems

#7 Post by BitJam »

Yep, we should expect more bugs like this to emerge.
"The first principle is that you must not fool yourself -- and you are the easiest person to fool."

-- Richard Feynman

Post Reply

Return to “Bugs and Non-Package Requests Forum”