Debian & Ubuntu Fix Man-in-the-Middle Attack in APT Package Manager, Update Now
The Debian Project and Canonical have released patched APT packages for all of their supported distributions to address a critical security vulnerability that could allow remote attackers to perform a man-in-the-middle attack.
The security vulnerability was discovered by Max Justicz in APT, the high-level package manager used by the Debian GNU/Linux and Ubuntu operating systems and by their derivatives, official or unofficial, such as Kubuntu, Lubuntu, Xubuntu, Ubuntu MATE, and even the popular Linux Mint.
The issue could allow a remote attacker to trick APT into installing malicious packages that pose as valid ones. Once installed, such packages could be used to execute code with administrative (root) privileges and gain control of the vulnerable machine. More details are available under CVE-2019-3462.
“The code handling HTTP redirects in …