Flaw in the APT package manager


#1

There is a flaw in the apt package manager which would allow an attacker to get root privileges on a machine.


#2

Here is the mitigation from the Debian Mailing List:
https://lists.debian.org/debian-security-announce/2019/msg00010.html

Since you are updating the package manager itself, you can use these commands to update without the risk of a redirect:
apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade