Flaw in the APT package manager

There is a flaw in the apt package manager which would allow an attacker to get root privileges on a machine.

Here is the mitigation from the Debian Mailing List

Since you are updating the package manager itself you can use these commands to update without the risk of a redirect.
apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade

1 Like