Has the apt security issue been resolved in the latest iso image?

Xorux
Joined: 12/14/2017

Hello all! Is downloading the Trisquel 8.0 LTS Flidas 2.5GB Live DVD iso image relatively safe from the DSA-4371 apt bug now?
In other words, if we were to do a new installation of Trisquel, and then run the "#sudo apt-get update && sudo apt-get upgrade" commands after installing Trisquel to the HDD, would that be safe from the DSA-4371 bug?

I have heard that apt got fixed for Debian. Source: https://www.debian.org/News/2019/20190123
I hope the iso image of Trisquel's apt is fixed, or will be fixed soon as well.

Thank you in advance! :D

SuperTramp83

Joined: 10/31/2014

Since the vulnerability is present in the package manager itself, it is recommended to disable redirects in order to prevent exploitation during this upgrade only, using:
apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade

Liberated
Joined: 03/22/2019

Would exploitation still be possible if this was done after Trisquel was fully installed but the option "Download updates while installing Trisquel" was enabled during the installation process?