Flaw in the APT package manager


There is a flaw in the apt package manager that would allow an attacker to gain root privileges on a machine.


Here is the mitigation from the Debian mailing list.

Since you are updating the package manager itself, you can use these commands to update without the risk of a redirect:
apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade
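
To confirm what a given apt run will actually use, the check below reads `apt-config dump` output and reports the effective value of Acquire::http::AllowRedirect. It is an added example, not part of the Debian mailing list post; the function names and the sample dumps are constructed here, and it assumes APT's default of true when the option is unset.

```shell
#!/bin/sh
# Added example: report whether APT will follow HTTP redirects.

# Print the effective value of Acquire::http::AllowRedirect from
# `apt-config dump` output on stdin. Dump lines look like: Key "value";
# An unset (or empty) key prints "true", APT's default for this option.
allow_redirect_value() {
    awk '
        $1 == "Acquire::http::AllowRedirect" {
            v = $2
            gsub(/[";]/, "", v)      # strip the quotes and trailing semicolon
            val = tolower(v)
        }
        END { print (val == "" ? "true" : val) }
    '
}

# Return 0 only when the value read from stdin disables redirects.
# The list covers the spellings APT's boolean parser treats as false.
redirects_disabled() {
    case "$(allow_redirect_value)" in
        false|no|off|0|disable|without) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample dumps (not captured from a real system).
SAMPLE_DEFAULT='APT "";
Acquire "";
Acquire::http "";
Acquire::http::Pipeline-Depth "0";'

SAMPLE_MITIGATED='APT "";
Acquire "";
Acquire::http "";
Acquire::http::AllowRedirect "false";'

# Demo on the constructed samples: prints "true", then "false".
for sample in "$SAMPLE_DEFAULT" "$SAMPLE_MITIGATED"; do
    printf '%s\n' "$sample" | allow_redirect_value
done
```

On a live system, run `apt-config dump | redirects_disabled`. A non-zero exit means apt invocations that omit the -o option shown above still follow redirects.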