LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Bodhi
User Name
Password
Bodhi This forum is for the discussion of Bodhi Linux.

Notices


Reply
  Search this Thread
Old 01-23-2019, 03:10 PM   #1
hemlocktree
Member
 
Registered: Aug 2018
Location: Northern Exposure
Distribution: Bodhi 5
Posts: 419

Rep: Reputation: 160Reputation: 160
apt bug fixed


https://www.zdnet.com/article/nasty-...tag=RSSbaffb68

maybe useful for stefan and ylee, et al
 
Old 01-24-2019, 11:35 AM   #2
the_waiter
Bodhi Developer
 
Registered: Jun 2018
Location: Banská Bystrica, Slovakia
Distribution: Bodhi Linux
Posts: 297

Rep: Reputation: 245Reputation: 245Reputation: 245
OK, I will look later, thx
 
1 members found this post helpful.
Old 01-27-2019, 05:45 AM   #3
cordx
Member
 
Registered: Oct 2018
Location: texas
Distribution: bodhi 5.0
Posts: 176

Rep: Reputation: 25
interesting read. thanks for the share.

i am by no means any kind of security expert, but thought this was an important paragraph:

He also pointed out that, "By default, Debian and Ubuntu both use plain http repositories out of the box." While there's heated debate over whether the more secure https actually improved apt security, Justicz knows his position: "I wouldn't have been able to exploit the Dockerfile at the top of this post if the default package servers had been using https."

especially in a day and age when https has come to be fairly universal.
 
Old 01-27-2019, 01:24 PM   #4
rbtylee
Bodhi Developer
 
Registered: Jun 2018
Location: Ladson, SC US
Distribution: Bodhi
Posts: 108

Rep: Reputation: 125Reputation: 125
Not been ignoring this just busy. Always lots of security vulnerabilities ...

Anyways for the record this has been patched in our Ubuntu base:

Code:
apt (1.6.6ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: content injection in http method (CVE-2019-3462)
    (LP: #1812353)

 -- Julian Andres Klode <juliank@ubuntu.com>  Fri, 18 Jan 2019 11:39:50 +0100
It is up to you if you wish to disable redirects as the Debian security team recommends. peace
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Microsoft thinks it's fixed Windows Server mess its last fix 'fixed' LXer Syndicated Linux News 0 06-06-2016 06:30 AM
Bug in 8.04, fixed in 8.10 - How to get fixed in 8.04 which is LTS? taylorkh Ubuntu 4 02-28-2009 06:17 PM
apt pinning /etc/apt/apt.conf parent's_basement Debian 5 10-26-2008 06:50 PM
Using 9.2 can this bug be fixed. barrys Mandriva 3 09-25-2003 07:28 AM
up2date bug fixed: New up2date avail. with updated SSL certificate authority file dkaplowitz Red Hat 2 09-04-2003 06:05 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Bodhi

All times are GMT -5. The time now is 09:24 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration