Old 01-23-2019, 02:10 PM   #1
Registered: Aug 2018
Posts: 719

apt bug fixed

maybe useful for stefan and ylee, et al
Old 01-24-2019, 10:35 AM   #2
Bodhi Developer
Registered: Jun 2018
Location: Banská Bystrica, Slovakia
Distribution: Bodhi Linux
Posts: 838

OK, I will look later, thx
1 members found this post helpful.
Old 01-27-2019, 04:45 AM   #3
Registered: Oct 2018
Location: texas
Distribution: bodhi 5.1.0
Posts: 786

interesting read. thanks for the share.

i am by no means any kind of security expert, but thought this was an important paragraph:

He also pointed out that, "By default, Debian and Ubuntu both use plain http repositories out of the box." While there's heated debate over whether the more secure https actually improved apt security, Justicz knows his position: "I wouldn't have been able to exploit the Dockerfile at the top of this post if the default package servers had been using https."

especially in a day and age when https has come to be fairly universal.
Old 01-27-2019, 12:24 PM   #4
Bodhi Developer
Registered: Jun 2018
Location: Ladson, SC US
Distribution: Bodhi
Posts: 435

Not been ignoring this just busy. Always lots of security vulnerabilities ...

Anyways for the record this has been patched in our Ubuntu base:

apt (1.6.6ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: content injection in http method (CVE-2019-3462)
    (LP: #1812353)

 -- Julian Andres Klode <>  Fri, 18 Jan 2019 11:39:50 +0100
It is up to you if you wish to disable redirects as the Debian security team recommends. peace
1 members found this post helpful.
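
A way to check a machine against the fixed version quoted in post #4 and to upgrade apt with redirects disabled, added here as an example that is not part of the thread or of Bodhi's own tooling. It assumes a bionic (Ubuntu 18.04) base; the function names, the `check`/`apply` arguments and the `sort -V` fallback are this example's own, and other releases have different fixed versions.

```shell
#!/bin/sh
# Added example: compare the installed apt with the fixed bionic build from
# the changelog above (CVE-2019-3462) and upgrade with redirects disabled.

FIXED_BIONIC="1.6.6ubuntu0.1"   # taken from the changelog quoted in post #4

# Return 0 when version $1 sorts before version $2.
version_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" lt "$2"
    else
        # Assumption: off a Debian-family host, sort -V is a close enough
        # approximation of Debian version ordering for these strings.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# Print "vulnerable" or "patched" for a given apt version string.
apt_status() {
    if version_lt "$1" "$FIXED_BIONIC"; then
        echo vulnerable
    else
        echo patched
    fi
}

# Fetch the fix without following HTTP redirects. The -o override lasts for
# this one invocation only; nothing is written to apt.conf.
safe_upgrade() {
    apt -o Acquire::http::AllowRedirect=false update &&
    apt -o Acquire::http::AllowRedirect=false install --only-upgrade apt
}

case "${1:-}" in
    check)
        installed=$(dpkg-query -W -f='${Version}' apt)
        echo "apt $installed: $(apt_status "$installed")"
        ;;
    apply)
        safe_upgrade
        ;;
esac
```

Run it with `check` as any user and with `apply` as root; mirrors that depend on redirects will fail to download while the override is in effect.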

